TechSpot

Dwm.exe in AppData\local\temp\msupdate71 consumes 100% of CPU

By Hendry Lukito
Oct 11, 2014
  1. I have read several way to clean this malware, which is very painful.
    the process always started up every time I delete it, even from safe mode.

    I'll be very thankful to you guys if you help me despite my intent. I want your pro assistance and I'll follow everything you tell me to do! Thanks again!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    Here you go:

    1. MBAM

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/12/2014
    Scan Time: 3:06:16 PM
    Logfile: Scan mbam.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.10.12.01
    Rootkit Database: v2014.10.11.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Hendry Lukito

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 459482
    Time Elapsed: 20 min, 8 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)


    2. DDS.txt

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17280 BrowserJavaVersion: 10.67.2
    Run by Hendry Lukito at 15:41:23 on 2014-10-12
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1028.18.28559.20901 [GMT 8:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\SysWOW64\afasrv64.exe
    C:\Windows\system32\IProsetMonitor.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\SmartCardReader\iconcs236856.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\CyberLink\Shared files\brs.exe
    C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    C:\Windows\SysWOW64\NLSSRV32.EXE
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Microsoft Office\Office15\WINWORD.EXE
    C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
    C:\Users\HENDRY~1\AppData\Local\Temp\msupdate71\dwm.exe
    C:\Windows\system32\notepad.exe
    C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
    C:\Program Files\Microsoft Office\Office15\EXCEL.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\TreeAgePro2011\treeagepro.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Microsoft SQL Server\MSRS10.BUNJIRA\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    uDefault_Page_URL = www.google.com
    mStart Page = www.google.com
    mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1412862138&from=exp&uid=WDCXWD5000AAKX-221CA1_WD-WCAYUZ76100161001&q={searchTerms}
    mDefault_Page_URL = www.google.com
    mDefault_Search_URL = www.google.com
    mWinlogon: Userinit = userinit.exe,
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    BHO: Windows Live ID ??????: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
    BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
    BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
    uRun: [GoogleChromeAutoLaunch_66BA88EA9C7239110C272E4BEFBBD499] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\HENDRY~1\AppData\Local\Temp\\mdi564.dll,asdasd
    uRun: [SRS Premium Sound] "C:\Program Files\SRS Labs\Premium Sound for Monitors\SRSPremiumSound_x64.exe" /hideme
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun: [USBestCR] C:\Program Files (x86)\SmartCardReader\iconcs236856.exe RunFromReg
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
    mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
    mRun: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: ??? Microsoft Excel(&X) - <no file>
    IE: ??? OneNote(&N) - <no file>
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: ??? OneNote(&N) - <no file>
    IE: ??? Microsoft Excel(&X) - <no file>
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
    IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{AE203A2D-0C1A-4E2E-8C0C-00C4F1C958EB} : NameServer = 8.8.8.8,8.8.4.4
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mStart Page = www.google.com
    x64-mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1412862138&from=exp&uid=WDCXWD5000AAKX-221CA1_WD-WCAYUZ76100161001&q={searchTerms}
    x64-mDefault_Page_URL = www.google.com
    x64-mDefault_Search_URL = www.google.com
    x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
    x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
    x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
    x64-Run: [USBestCR] C:\Program Files (x86)\SmartCardReader\iconcs236856.exe RunFromReg
    x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
    x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
    x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
    x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
    x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    x64-DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
    x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2014-8-7 283064]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/09/21 09:03:57];C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [2009-11-19 146928]
    R2 AfaService;Afa Card Reader Service;C:\Windows\System32\afasrv64.exe --> C:\Windows\System32\afasrv64.exe [?]
    R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-7-23 180136]
    R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-9-21 133800]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-11 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-11 860472]
    R2 MsDtsServer100;SQL Server Integration Services 10.0;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [2012-6-12 220104]
    R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2014-3-22 169752]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-11 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-11 122584]
    R3 MHIKEY10;MHIKEY10;C:\Windows\System32\drivers\MHIKEY10x64.sys [2010-9-15 60288]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-9-30 80384]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-9-30 180736]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 MSOLAP$BUNJIRA;SQL Server Analysis Services (BUNJIRA);C:\Program Files\Microsoft SQL Server\MSAS10.BUNJIRA\OLAP\bin\msmdsrv.exe [2011-9-22 43801448]
    S2 MSSQL$BUNJIRA;SQL Server (BUNJIRA);C:\Program Files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\sqlservr.exe [2014-7-12 58387104]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-9-12 111616]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-11 63704]
    S3 MSSQLFDLauncher$BUNJIRA;SQL Full-text Filter Daemon Launcher (BUNJIRA);C:\Program Files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\fdlauncher.exe [2008-7-10 34840]
    S3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2014-3-11 125584]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-8-7 19456]
    S3 SRS_PremSoundMon;SRS for Monitors;C:\Windows\System32\drivers\SRS_PremSoundMon_amd64.sys [2014-10-10 158576]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-7 56832]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-4 59744]
    S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
    S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
    .
    =============== Created Last 30 ================
    .
    2014-10-12 03:52:56 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C0F39176-7BC7-4F76-808B-4056130E2AA8}\mpengine.dll
    2014-10-11 22:05:01 11578928 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-10-11 10:35:48 -------- d-----w- C:\temp
    2014-10-10 18:31:29 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-10-10 18:30:28 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-10-10 18:30:28 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-10-10 18:30:28 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-10-10 18:30:28 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-10-10 18:30:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-10 17:45:12 -------- d-----w- C:\Program Files (x86)\Windows Kits
    2014-10-10 17:44:53 -------- d-----w- C:\ProgramData\Package Cache
    2014-10-10 06:29:56 -------- d-----w- C:\Users\Hendry Lukito\AppData\Local\SRS Labs
    2014-10-10 06:29:27 158576 ----a-w- C:\Windows\System32\drivers\SRS_PremSoundMon_amd64.sys
    2014-10-10 06:26:18 -------- d-----w- C:\Program Files (x86)\ViewSonic
    2014-10-09 13:43:13 -------- d-----w- C:\Users\Hendry Lukito\AppData\Roaming\337Games
    2014-10-09 13:41:55 -------- d-----w- C:\Users\Hendry Lukito\AppData\Roaming\SimpleFiles
    2014-10-09 10:58:51 -------- d-----w- C:\Program Files (x86)\MathWave
    2014-10-03 04:54:14 1188440 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{88FE5B43-4AE3-420A-AF36-C4FFC838A2AD}\gapaengine.dll
    2014-10-01 14:07:23 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2014-10-01 14:07:23 371712 ----a-w- C:\Windows\System32\qdvd.dll
    2014-09-24 07:11:47 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2014-09-24 07:11:47 2048 ----a-w- C:\Windows\System32\tzres.dll
    2014-09-23 05:58:12 -------- d-----w- C:\Users\Hendry Lukito\AppData\Roaming\MedCalc Software
    2014-09-14 12:04:51 -------- d-----w- C:\Program Files (x86)\MSECache
    2014-09-13 11:17:32 -------- d-----w- C:\Program Files (x86)\Team17
    .
    ==================== Find3M ====================
    .
    2014-09-24 03:57:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-24 03:57:11 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-09-22 06:42:39 278152 ------w- C:\Windows\System32\MpSigStub.exe
    2014-09-05 02:10:43 578048 ----a-w- C:\Windows\System32\aepdu.dll
    2014-09-05 02:05:42 424448 ----a-w- C:\Windows\System32\aeinv.dll
    2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
    2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
    2014-08-23 00:59:01 3163648 ----a-w- C:\Windows\System32\win32k.sys
    2014-08-18 22:29:49 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-08-18 22:29:35 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-08-18 22:19:53 5833728 ----a-w- C:\Windows\System32\jscript9.dll
    2014-08-18 22:15:34 547328 ----a-w- C:\Windows\System32\vbscript.dll
    2014-08-18 22:15:09 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-08-18 22:14:38 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-08-18 22:14:10 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
    2014-08-18 22:08:55 4232704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-08-18 22:03:47 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-08-18 22:03:37 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-08-18 22:03:01 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-08-18 21:57:44 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-08-18 21:56:17 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-08-18 21:46:26 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-08-18 21:45:23 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-08-18 21:45:12 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
    2014-08-18 21:44:44 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-08-18 21:44:09 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
    2014-08-18 21:36:07 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-08-18 21:35:24 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-08-18 21:23:17 2104832 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-08-18 21:23:16 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
    2014-08-18 21:22:48 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-08-18 21:15:13 2310656 ----a-w- C:\Windows\System32\wininet.dll
    2014-08-18 21:08:54 2014208 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-08-18 21:07:44 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2014-08-18 20:46:48 1812992 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-08-07 12:01:10 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2014-08-07 09:48:25 111016 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-08-07 09:30:40 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-01 11:53:22 1031168 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-08-01 11:35:06 793600 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    2014-07-24 18:35:46 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
    2014-07-24 15:47:06 869544 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
    2014-07-17 10:05:06 269008 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2014-07-17 10:05:06 125584 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    .
    ============= FINISH: 15:42:05.33 ===============
     
  4. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    Sorry I need to put the attach.txt in attachment. It's a way too long to post it here as plain text.
    Thank for your consideration.
     

    Attached Files:

  5. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please observe forum rules.
    All logs have to be pasted not attached.
    If some log exceeds 50,000 characters post limit, split it into a couple of replies.
     
  6. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/21/2011 8:10:01 AM
    System Uptime: 10/11/2014 11:39:03 AM (28 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | BM6660(BM6360)
    Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz | LGA1155 | 3401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 233 GiB total, 35.428 GiB free.
    D: is FIXED (NTFS) - 233 GiB total, 134.066 GiB free.
    E: is FIXED (NTFS) - 0 GiB total, 0.064 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 977 GiB total, 919.032 GiB free.
    H: is FIXED (NTFS) - 1071 GiB total, 274.085 GiB free.
    I: is CDROM ()
    J: is Removable
    K: is Removable
    L: is FIXED (NTFS) - 931 GiB total, 828.427 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Intel(R) 82579LM Gigabit Network Connection
    Device ID: PCI\VEN_8086&DEV_1502&SUBSYS_844E1043&REV_05\3&11583659&0&C8
    Manufacturer: Intel
    Name: Intel(R) 82579LM Gigabit Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_1502&SUBSYS_844E1043&REV_05\3&11583659&0&C8
    Service: e1cexpress
    .
    Class GUID:
    Description: WD SES Device USB Device
    Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1007\575834314533344C4D303433&1
    Manufacturer:
    Name: WD SES Device USB Device
    PNP Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1007\575834314533344C4D303433&1
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    ?????? 7.0 ???
    64 Bit HP CIO Components Installer
    ACDSee Pro 3
    Adobe Acrobat X Pro - English, Fran?is, Deutsch
    Adobe AIR
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 15 Plugin
    Adobe Reader XI (11.0.09)
    Adobe Shockwave Player 12.0
    Age of Empires III - Complete Collection
    Counter-Strike 1.6
    CPUID CPU-Z 1.70
    CustomerResearchQFolder
    CyberLink PowerDVD 9
    D3DX10
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
    EasyFit 5.5
    Facebook Video Calling 3.1.0.521
    GDR 2550 for SQL Server 2008 R2 (KB2716440) (64-bit)
    GDR 5512 for SQL Server 2008 (KB2716436) (64-bit)
    GDR 5520 for SQL Server 2008 (KB2977321) (64-bit)
    Google Chrome
    Google Update Helper
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    HP Customer Participation Program 10.0
    HP LaserJet P2050 Series 6.0
    hppFonts
    hppQFolderP2050
    hppusgP2050
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Network Connections 15.6.25.0
    Intel(R) Processor Graphics
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Internet Download Manager
    Java 7 Update 67
    Java 7 Update 67 (64-bit)
    Java Auto Updater
    Junk Mail filter update
    K-Lite Codec Pack 9.7.0 (64-bit)
    K-Lite Mega Codec Pack 7.6.0
    Kits Configuration Installer
    Malwarebytes Anti-Malware version 2.0.2.1012
    MarketResearch
    MATLAB R2009a
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft .NET Framework 4.5.1 (????)
    Microsoft .NET Framework 4.5.1 (CHT)
    Microsoft Access database engine 2010 (English)
    Microsoft Access MUI (Chinese (Traditional)) 2013
    Microsoft Access MUI (English) 2013
    Microsoft Access Setup Metadata MUI (English) 2013
    Microsoft Application Error Reporting
    Microsoft DCF MUI (Chinese (Traditional)) 2013
    Microsoft DCF MUI (English) 2013
    Microsoft Excel MUI (Chinese (Traditional)) 2013
    Microsoft Excel MUI (English) 2013
    Microsoft Groove MUI (Chinese (Traditional)) 2013
    Microsoft Groove MUI (English) 2013
    Microsoft InfoPath MUI (Chinese (Traditional)) 2013
    Microsoft InfoPath MUI (English) 2013
    Microsoft Lync MUI (Chinese (Traditional)) 2013
    Microsoft Lync MUI (English) 2013
    Microsoft Office ???? 2013 - ????
    Microsoft Office 2003 Web Components
    Microsoft Office 32-bit Components 2013
    Microsoft Office Access database engine 2007 (English)
    Microsoft Office File Validation Add-In
    Microsoft Office Language Pack 2013 - English
    Microsoft Office O MUI (English) 2013
    Microsoft Office OSM MUI (Chinese (Traditional)) 2013
    Microsoft Office OSM MUI (English) 2013
    Microsoft Office OSM UX MUI (Chinese (Traditional)) 2013
    Microsoft Office OSM UX MUI (English) 2013
    Microsoft Office Outlook Connector
    Microsoft Office Professional Plus 2013
    Microsoft Office Proofing (Chinese (Traditional)) 2013
    Microsoft Office Proofing (English) 2013
    Microsoft Office Proofing Tools 2013 - English
    Microsoft Office Proofing Tools 2013 - Español
    Microsoft Office Shared 32-bit MUI (Chinese (Traditional)) 2013
    Microsoft Office Shared 32-bit MUI (English) 2013
    Microsoft Office Shared MUI (Chinese (Traditional)) 2013
    Microsoft Office Shared MUI (English) 2013
    Microsoft Office Shared Setup Metadata MUI (English) 2013
    Microsoft OneNote MUI (Chinese (Traditional)) 2013
    Microsoft OneNote MUI (English) 2013
    Microsoft Outlook MUI (Chinese (Traditional)) 2013
    Microsoft Outlook MUI (English) 2013
    Microsoft PowerPoint MUI (Chinese (Traditional)) 2013
    Microsoft PowerPoint MUI (English) 2013
    Microsoft Publisher MUI (Chinese (Traditional)) 2013
    Microsoft Publisher MUI (English) 2013
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - CHT
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft SharePoint Designer MUI (English) 2013
    Microsoft Silverlight
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Analysis Services
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Full text search
    Microsoft SQL Server 2008 R2 (64-bit)
    Microsoft SQL Server 2008 R2 Books Online
    Microsoft SQL Server 2008 R2 Native Client
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 RsFx Driver
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 Reporting Services
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Browser
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server System CLR Types (x64)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime v1.0 (x64)
    Microsoft Sync Services for ADO.NET v2.0 (x64)
    Microsoft Visio Language Pack 2013 - English
    Microsoft Visio MUI (Chinese (Traditional)) 2013
    Microsoft Visio MUI (English) 2013
    Microsoft Visio Professional 2013
    Microsoft VisMUI (English) 2013
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual Studio 2007 Tools for Applications - ENU ? Hotfix (KB947789)
    Microsoft Visual Studio 2008 Shell (integrated mode) - CHT
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Language Pack - CHT
    Microsoft Word MUI (Chinese (Traditional)) 2013
    Microsoft Word MUI (English) 2013
    Microsoft X MUI (English) 2013
    Microtek ScanWizard
    MINITAB 14
    MP3 Cutter 1.1.1
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 8 Lite
    NetTalk By True
    Nitro Pro 8
    Notepad++
    Outils de vérification linguistique 2013 de Microsoft Office - Français
    PDF-Viewer
    PowerDVD
    R for Windows 3.1.0
    Realtek High Definition Audio Driver
    Renesas Electronics USB 3.0 Host Controller Driver
    RStudio
    ScanWizard 5
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft SharePoint Designer 2013 (KB2752096) 64-Bit Edition
    Security Update for Microsoft SharePoint Designer 2013 (KB2863836) 64-Bit Edition
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
    Skype Click to Call
    Skype™ 6.16
    Smart Card Reader Driver 1.0.7.73
    SPSS 16.0
    SQL Server 2008 (KB2546951) ? Service Pack 3 (64-bit)
    SQL Server 2008 R2 ? Service Pack 1 (KB2528583) (64-bit)
    SQL Server 2008 R2 Reporting Services
    SQL Server 2008 R2 SP1 Analysis Services
    SQL Server 2008 R2 SP1 BI Development Studio
    SQL Server 2008 R2 SP1 Client Tools
    SQL Server 2008 R2 SP1 Common Files
    SQL Server 2008 R2 SP1 Database Engine Services
    SQL Server 2008 R2 SP1 Database Engine Shared
    SQL Server 2008 R2 SP1 Full text search
    SQL Server 2008 R2 SP1 Integration Services
    SQL Server 2008 R2 SP1 Management Studio
    SQL Server 2008 R2 SP1 Reporting Services
    Sql Server Customer Experience Improvement Program
    swMSM
    TreeAge Pro 2011
    TreeAge Pro Excel
    Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition
    Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition
    Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition
    Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition
    Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition
    Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition
    Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition
    Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition
    Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition
    Update for Microsoft Visio 2013 (KB2889849) 64-Bit Edition
    Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
    Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition
    Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition
    WebReg
    Weka 3.6.5
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Software Development Kit
    Windows Software Development Kit EULA
    WinRAR 4.11 (64-bit)
    Worms Reloaded
    WPT Redistributables
    WPTx64
    .
     
  7. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    ==== Event Viewer Messages From Past Week ========
    .
    10/9/2014 9:44:11 PM, Error: Service Control Manager [7031] - The Update Adanak service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    10/9/2014 10:02:06 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {0C0A3666-30C9-11D0-8F20-00805F2CD064} and APPID {9209B1A6-964A-11D0-9372-00A0C9034910} to the user USER-PC\Hendry Lukito SID (S-1-5-21-2917960761-3470745484-3326223250-1211) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    10/8/2014 2:15:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server Reporting Services (BUNJIRA) service to connect.
    10/8/2014 2:15:09 AM, Error: Service Control Manager [7000] - The SQL Server Reporting Services (BUNJIRA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/8/2014 2:13:38 AM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 1922 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/12/2014 3:41:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ReportServer service.
    10/12/2014 3:37:29 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 140.118.101.123. The computer with the IP address 140.118.101.146 did not allow the name to be claimed by this computer.
    10/12/2014 3:36:06 PM, Error: TermDD [50] - The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client.
    10/11/2014 5:12:03 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 140.118.101.123. The computer with the IP address 140.118.101.183 did not allow the name to be claimed by this computer.
    10/11/2014 4:31:03 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 140.118.101.123. The computer with the IP address 140.118.101.141 did not allow the name to be claimed by this computer.
    10/11/2014 2:14:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server Integration Services 10.0 service to connect.
    10/11/2014 2:14:27 AM, Error: Service Control Manager [7000] - The SQL Server Integration Services 10.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/11/2014 11:42:49 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{AE203A2D-0C1A-4E2E-8C0C-00C4F1C958EB} because another computer on the network has the same name. The server could not start.
    10/11/2014 11:42:49 AM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 140.118.101.123. The computer with the IP address 140.118.101.183 did not allow the name to be claimed by this computer.
    10/11/2014 11:42:27 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 569 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/11/2014 11:41:36 AM, Error: Service Control Manager [7000] - The SQL Server (MSSQLSERVER) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/11/2014 11:41:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (MSSQLSERVER) service to connect.
    10/11/2014 11:41:11 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 568 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/11/2014 11:40:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SQL Server (BUNJIRA) service to connect.
    10/11/2014 11:40:34 AM, Error: Service Control Manager [7000] - The SQL Server (BUNJIRA) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/11/2014 11:39:56 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 567 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/11/2014 11:39:34 AM, Error: Service Control Manager [7000] - The ASPI32 service failed to start due to the following error: The system cannot find the file specified.
    10/11/2014 11:26:07 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/11/2014 11:26:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/11/2014 11:26:05 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/11/2014 11:26:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/11/2014 11:26:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/11/2014 11:26:03 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 556 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/11/2014 11:26:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/11/2014 11:25:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/11/2014 11:25:28 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
    10/11/2014 11:25:27 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service TermService with arguments "" in order to run the server: {F9A874B6-F8A8-4D73-B5A8-AB610816828B}
    10/11/2014 11:25:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/11/2014 11:25:26 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/11/2014 11:24:48 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 555 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/11/2014 11:23:32 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 554 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/11/2014 11:22:16 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 553 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The TermService service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The ReportServer$BUNJIRA service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The PolicyAgent service was unable to log on as NT Authority\NetworkService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The MSSQLFDLauncher service was unable to log on as NT AUTHORITY\LOCALSERVICE with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The ICCS service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7038] - The Dhcp service was unable to log on as NT Authority\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service did not start due to a logon failure.
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not start due to a logon failure.
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The SQL Server Reporting Services (BUNJIRA) service failed to start due to the following error: The service did not start due to a logon failure.
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The SQL Full-text Filter Daemon Launcher (MSSQLSERVER) service failed to start due to the following error: The service did not start due to a logon failure.
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Remote Desktop Services service failed to start due to the following error: The service did not start due to a logon failure.
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Portable Device Enumerator Service service failed to start due to the following error: A system shutdown is in progress.
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Network Connections service failed to start due to the following error: A system shutdown is in progress.
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Microsoft Network Inspection service failed to start due to the following error: The pipe has been ended.
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The IPsec Policy Agent service failed to start due to the following error: The service did not start due to a logon failure.
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Intel(R) Integrated Clock Controller Service - Intel(R) ICCS service failed to start due to the following error: The service did not start due to a logon failure.
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The DHCP Client service failed to start due to the following error: The service did not start due to a logon failure.
    10/11/2014 11:22:14 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: A system shutdown is in progress.
    10/11/2014 11:21:00 PM, Error: Service Control Manager [7031] - The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 552 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    10/11/2014 11:20:24 AM, Error: NetBT [4321] - The name "USER-PC :20" could not be registered on the interface with IP address 140.118.101.123. The computer with the IP address 140.118.101.141 did not allow the name to be claimed by this computer.
    10/11/2014 11:19:49 AM, Error: Service Control Manager [7024] -
    10/10/2014 4:20:19 PM, Error: NetBT [4321] - The name "USER-PC :0" could not be registered on the interface with IP address 140.118.101.123. The computer with the IP address 140.118.101.120 did not allow the name to be claimed by this computer.
    .
    ==== End Of File ===========================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  9. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    RogueKiller V10.0.1.0 [Oct 10 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Hendry Lukito [Administrator]
    Mode : Delete -- Date : 10/14/2014 23:09:22

    ¤¤¤ Processes : 2 ¤¤¤
    [Hj.Name|Suspicious.Path] dwm.exe -- C:\Users\Hendry Lukito\AppData\Local\Temp\msupdate71\dwm.exe[-] -> Killed [TermProc]
    [Suspicious.Path] rundll32.exe -- C:\Users\HENDRY~1\AppData\Local\Temp\mdi564.dll[-] -> Unloaded

    ¤¤¤ Registry : 20 ¤¤¤
    [Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211\Software\Microsoft\Windows\CurrentVersion\Run | tsiVideo : C:\Windows\SysWOW64\rundll32.exe C:\Users\HENDRY~1\AppData\Local\Temp\\mdi564.dll,asdasd [7][-] -> Deleted
    [Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211\Software\Microsoft\Windows\CurrentVersion\Run | tsiVideo : C:\Windows\SysWOW64\rundll32.exe C:\Users\HENDRY~1\AppData\Local\Temp\\mdi564.dll,asdasd -> ERROR [2]
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_9C81\Microsoft\Internet Explorer\Main | Start Page : http://search.gboxapp.com/ -> Not selected
    [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_9C81\Microsoft\Internet Explorer\Main | Start Page : http://search.gboxapp.com/ -> Not selected
    [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\RK_Hendry Lukito_ON_G_828B\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.gboxapp.com/ -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\RK_Hendry Lukito_ON_G_828B\Software\Microsoft\Internet Explorer\Main | Start Page : http://search.gboxapp.com/ -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
    [PUM.SearchPage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://istart.webssearches.com/web/...X-221CA1_WD-WCAYUZ76100161001&q={searchTerms} -> Not selected
    [PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : http://istart.webssearches.com/web/...X-221CA1_WD-WCAYUZ76100161001&q={searchTerms} -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_9C81\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_9C81\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_9C81\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_9C81\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 6 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000AAKX-221CA1 ATA Device +++++
    --- User ---
    [MBR] ed5c122b228d6dcfcc951f7614ade5b3
    [BSP] 3dd109c92acdeda14f172544d7033f6e : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 101 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 208845 | Size: 238370 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 488392065 | Size: 238464 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ST4000DM000-1F2168 ATA Device +++++
    --- User ---
    [MBR] 8a668a7441e00a6fd579fa90e706b0f9
    [BSP] 2f28e7944086e2f0b154a1ea58adc9d3 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 1000000 MB
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048206848 | Size: 1097051 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: Generic Storage Device USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: Generic Storage Device USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_SCN_10142014_230756.log
     
  10. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.10.14.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.17280
    Hendry Lukito :: USER-PC [administrator]

    10/14/2014 11:21:58 PM
    mbar-log-2014-10-14 (23-21-58).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 461287
    Time elapsed: 14 minute(s), 6 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)


    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 11.0.9600.17280

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED, H:\ DRIVE_FIXED
    CPU speed: 3.400000 GHz
    Memory total: 29946507264, free: 21514215424

    Downloaded database version: v2014.10.14.09
    Downloaded database version: v2014.10.11.01
    =======================================
    Done!
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: 4FCC58E5

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63 Numsec = 208782
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 208845 Numsec = 488183220

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 488392065 Numsec = 488376000

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-976753168-976773168)...
    Done!
    Drive 1
    Scanning MBR on drive 1...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: B6A494A7

    Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048 Numsec = 204800
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848 Numsec = 2048000000

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048206848 Numsec = 2246760448

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 4000787030016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
    Removal finished
     
  11. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    I thought the RogueKiller was able to delete the dwm.exe in msupdate17 folder.
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I think it only killed that process.
    We'll keep checking.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there use restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  13. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    ComboFix 14-10-13.01 - Hendry Lukito 10/15/2014 11:15:39.1.8 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1028.18.28559.23647 [GMT 8:00]
    Running from: c:\users\Hendry Lukito\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 192 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\tbinst
    c:\windows\SysWow64\eventmgr.exe
    G:\install.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-09-15 to 2014-10-15 )))))))))))))))))))))))))))))))
    .
    .
    2014-10-15 03:21 . 2014-10-15 03:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-10-14 15:21 . 2014-10-14 15:36 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-10-14 15:04 . 2014-10-14 15:04 -------- d-----w- c:\users\Hendry Lukito\AppData\Local\CrashDumps
    2014-10-14 15:03 . 2014-10-14 15:03 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-10-14 15:03 . 2014-10-14 15:03 -------- d-----w- c:\programdata\RogueKiller
    2014-10-14 03:50 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5EE1B628-0D11-4D30-8815-8989E1A984E0}\mpengine.dll
    2014-10-13 03:50 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-10-11 10:35 . 2014-10-11 10:35 -------- d-----w- C:\temp
    2014-10-10 18:31 . 2014-10-15 03:16 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-10-10 18:30 . 2014-10-15 02:58 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-10-10 18:30 . 2014-10-10 18:30 -------- d-----w- c:\programdata\Malwarebytes
    2014-10-10 18:30 . 2014-10-01 03:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-10-10 18:30 . 2014-10-01 03:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-10-10 18:30 . 2014-10-01 03:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-10-10 17:45 . 2014-10-10 17:45 -------- d-----w- c:\program files (x86)\Windows Kits
    2014-10-10 17:44 . 2014-10-10 17:45 -------- d-----w- c:\programdata\Package Cache
    2014-10-10 06:29 . 2014-10-10 06:29 -------- d-----w- c:\users\Hendry Lukito\AppData\Local\SRS Labs
    2014-10-10 06:29 . 2010-04-28 02:32 158576 ----a-w- c:\windows\system32\drivers\SRS_PremSoundMon_amd64.sys
    2014-10-10 06:26 . 2014-10-10 06:26 -------- d-----w- c:\program files (x86)\ViewSonic
    2014-10-09 13:43 . 2014-10-09 13:45 -------- d-----w- c:\users\Hendry Lukito\AppData\Roaming\337Games
    2014-10-09 13:41 . 2014-10-09 13:41 -------- d-----w- c:\users\Hendry Lukito\AppData\Roaming\SimpleFiles
    2014-10-09 10:58 . 2014-10-09 10:58 -------- d-----w- c:\program files (x86)\MathWave
    2014-10-03 04:54 . 2014-09-16 19:42 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{88FE5B43-4AE3-420A-AF36-C4FFC838A2AD}\gapaengine.dll
    2014-10-01 14:07 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
    2014-10-01 14:07 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
    2014-09-24 07:11 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
    2014-09-24 07:11 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2014-09-23 05:58 . 2014-09-23 05:58 -------- d-----w- c:\users\Hendry Lukito\AppData\Roaming\MedCalc Software
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-09-24 03:57 . 2012-07-15 11:30 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-09-24 03:57 . 2011-09-21 01:17 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-09-22 06:42 . 2011-09-21 01:31 278152 ------w- c:\windows\system32\MpSigStub.exe
    2014-09-16 19:42 . 2014-08-13 12:33 1188440 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-09-12 01:47 . 2011-03-28 10:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2014-09-11 19:01 . 2011-09-21 01:33 101694776 ----a-w- c:\windows\system32\MRT.exe
    2014-09-05 02:10 . 2014-09-11 15:36 578048 ----a-w- c:\windows\system32\aepdu.dll
    2014-09-05 02:05 . 2014-09-11 15:36 424448 ----a-w- c:\windows\system32\aeinv.dll
    2014-08-23 02:07 . 2014-08-27 18:58 404480 ----a-w- c:\windows\system32\gdi32.dll
    2014-08-23 01:45 . 2014-08-27 18:58 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-08-23 00:59 . 2014-08-27 18:58 3163648 ----a-w- c:\windows\system32\win32k.sys
    2014-08-19 18:05 . 2014-09-11 19:12 374968 ----a-w- c:\windows\system32\iedkcs32.dll
    2014-08-18 23:01 . 2014-09-11 19:12 23591424 ----a-w- c:\windows\system32\mshtml.dll
    2014-08-18 22:29 . 2014-09-11 19:12 2724864 ----a-w- c:\windows\system32\mshtml.tlb
    2014-08-18 22:29 . 2014-09-11 19:12 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
    2014-08-18 22:20 . 2014-09-11 19:12 2793984 ----a-w- c:\windows\system32\iertutil.dll
    2014-08-18 22:19 . 2014-09-11 19:12 5833728 ----a-w- c:\windows\system32\jscript9.dll
    2014-08-18 22:15 . 2014-09-11 19:12 547328 ----a-w- c:\windows\system32\vbscript.dll
    2014-08-18 22:15 . 2014-09-11 19:12 66048 ----a-w- c:\windows\system32\iesetup.dll
    2014-08-18 22:14 . 2014-09-11 19:12 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
    2014-08-18 22:14 . 2014-09-11 19:12 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
    2014-08-18 22:08 . 2014-09-11 19:12 51200 ----a-w- c:\windows\system32\jsproxy.dll
    2014-08-18 22:08 . 2014-09-11 19:12 4232704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-08-18 22:08 . 2014-09-11 19:12 33792 ----a-w- c:\windows\system32\iernonce.dll
    2014-08-18 22:05 . 2014-09-11 19:12 596480 ----a-w- c:\windows\system32\ieui.dll
    2014-08-18 22:03 . 2014-09-11 19:12 139264 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-08-18 22:03 . 2014-09-11 19:12 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
    2014-08-18 22:03 . 2014-09-11 19:12 758272 ----a-w- c:\windows\system32\jscript9diag.dll
    2014-08-18 21:57 . 2014-09-11 19:12 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-08-18 21:56 . 2014-09-11 19:12 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-08-18 21:51 . 2014-09-11 19:12 446464 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-08-18 21:46 . 2014-09-11 19:12 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-08-18 21:45 . 2014-09-11 19:12 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
    2014-08-18 21:45 . 2014-09-11 19:12 72704 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
    2014-08-18 21:44 . 2014-09-11 19:12 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
    2014-08-18 21:44 . 2014-09-11 19:12 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
    2014-08-18 21:40 . 2014-09-11 19:12 195584 ----a-w- c:\windows\system32\msrating.dll
    2014-08-18 21:39 . 2014-09-11 19:12 85504 ----a-w- c:\windows\system32\mshtmled.dll
    2014-08-18 21:38 . 2014-09-11 19:12 289280 ----a-w- c:\windows\system32\dxtrans.dll
    2014-08-18 21:36 . 2014-09-11 19:12 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-08-18 21:35 . 2014-09-11 19:12 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll
    2014-08-18 21:25 . 2014-09-11 19:12 727040 ----a-w- c:\windows\system32\msfeeds.dll
    2014-08-18 21:25 . 2014-09-11 19:12 707072 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-08-18 21:23 . 2014-09-11 19:12 2104832 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-08-18 21:23 . 2014-09-11 19:12 1249280 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2014-08-18 21:22 . 2014-09-11 19:12 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-08-18 21:16 . 2014-09-11 19:12 13588480 ----a-w- c:\windows\system32\ieframe.dll
    2014-08-18 21:15 . 2014-09-11 19:12 2310656 ----a-w- c:\windows\system32\wininet.dll
    2014-08-18 21:08 . 2014-09-11 19:12 2014208 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-08-18 21:07 . 2014-09-11 19:12 1068032 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2014-08-18 20:55 . 2014-09-11 19:12 1447424 ----a-w- c:\windows\system32\urlmon.dll
    2014-08-18 20:46 . 2014-09-11 19:12 1812992 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-08-18 20:38 . 2014-09-11 19:12 775168 ----a-w- c:\windows\system32\ieapfltr.dll
    2014-08-07 12:01 . 2014-08-07 12:01 283064 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2014-08-07 09:48 . 2014-08-07 09:48 319912 ----a-w- c:\windows\system32\javaws.exe
    2014-08-07 09:48 . 2014-08-07 09:48 189352 ----a-w- c:\windows\system32\javaw.exe
    2014-08-07 09:48 . 2014-08-07 09:48 189352 ----a-w- c:\windows\system32\java.exe
    2014-08-07 09:48 . 2014-08-07 09:48 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
    2014-08-07 09:30 . 2014-08-07 09:30 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-08-01 11:53 . 2014-09-11 15:37 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
    2014-08-01 11:35 . 2014-09-11 15:37 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
    2014-07-24 18:35 . 2014-07-24 18:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
    2014-07-24 15:47 . 2014-07-24 15:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
    2014-07-17 10:05 . 2014-07-17 10:05 269008 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2014-07-17 10:05 . 2014-03-11 01:52 125584 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-07-27 03:45 1730256 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-07-27 03:45 1730256 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-07-27 03:45 1730256 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "GoogleChromeAutoLaunch_66BA88EA9C7239110C272E4BEFBBD499"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-10-01 854344]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2014-07-23 3858000]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-10-05 112152]
    "USBestCR"="c:\program files (x86)\SmartCardReader\iconcs236856.exe" [2011-09-21 7377920]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
    "PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
    "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2009-11-19 75048]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
    "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-01-03 36760]
    "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2012-01-03 815512]
    "HPUsageTracking"="c:\program files (x86)\HP\HP UT\bin\hppusg.exe" [2009-10-06 30264]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MSOLAP$BUNJIRA;SQL Server Analysis Services (BUNJIRA);c:\program files\Microsoft SQL Server\MSAS10.BUNJIRA\OLAP\bin\msmdsrv.exe;c:\program files\Microsoft SQL Server\MSAS10.BUNJIRA\OLAP\bin\msmdsrv.exe [x]
    R2 MSSQL$BUNJIRA;SQL Server (BUNJIRA);c:\program files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\sqlservr.exe;c:\program files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\sqlservr.exe [x]
    R2 ReportServer$BUNJIRA;SQL Server Reporting Services (BUNJIRA);c:\program files\Microsoft SQL Server\MSRS10.BUNJIRA\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS10.BUNJIRA\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 MSSQLFDLauncher$BUNJIRA;SQL Full-text Filter Daemon Launcher (BUNJIRA);c:\program files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\fdlauncher.exe [x]
    R3 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe;c:\program files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SQLAgent$BUNJIRA;SQL Server Agent (BUNJIRA);c:\program files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\SQLAGENT.EXE [x]
    R3 SRS_PremSoundMon;SRS for Monitors;c:\windows\system32\drivers\srs_PremSoundMon_amd64.sys;c:\windows\SYSNATIVE\drivers\srs_PremSoundMon_amd64.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
    R4 RsFx0151;RsFx0151 Driver;c:\windows\system32\DRIVERS\RsFx0151.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0151.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
    S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/09/21 09:03];c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [x]
    S2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv64.exe;c:\windows\SYSNATIVE\afasrv64.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [x]
    S2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe;c:\program files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [x]
    S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\NLSSRV32.EXE;c:\windows\SysWOW64\NLSSRV32.EXE [x]
    S2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe;c:\program files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
    S3 IntcDAud;Intel(R) ?????;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MHIKEY10;MHIKEY10;c:\windows\system32\Drivers\MHIKEY10x64.sys;c:\windows\SYSNATIVE\Drivers\MHIKEY10x64.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
    S4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMPROTECTOR
    *NewlyCreated* - MBAMSWISSARMY
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-10-07 21:45 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.101\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-10-15 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-15 03:57]
    .
    2014-10-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000Core.job
    - c:\users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-10 14:06]
    .
    2014-10-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000UA.job
    - c:\users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-10 14:06]
    .
    2014-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07 06:39]
    .
    2014-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07 06:39]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
    @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
    [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
    2014-07-27 03:41 2335960 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
    @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
    [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
    2014-07-27 03:41 2335960 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
    @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
    [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
    2014-07-27 03:41 2335960 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2014-04-21 10:02 25112 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "USBestCR"="c:\program files (x86)\SmartCardReader\iconcs236856.exe" [2011-09-21 7377920]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-14 172016]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-14 399856]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-14 442352]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 1331288]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = www.google.com
    mDefault_Search_URL = www.google.com
    mDefault_Page_URL = www.google.com
    mStart Page = www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1412862138&from=exp&uid=WDCXWD5000AAKX-221CA1_WD-WCAYUZ76100161001&q={searchTerms}
    IE: ??? Microsoft Excel(&X)
    IE: ??? OneNote(&N)
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: ??? OneNote(&N) - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
    IE: ??? Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
    TCP: Interfaces\{AE203A2D-0C1A-4E2E-8C0C-00C4F1C958EB}: NameServer = 8.8.8.8,8.8.4.4
    Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    Wow6432Node-HKCU-Run-SRS Premium Sound - c:\program files\SRS Labs\Premium Sound for Monitors\SRSPremiumSound_x64.exe
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\Hendry Lukito\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
    c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
    "ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden]
    "{2338F5D5-2437-4FC3-9005-A01804321264}"="AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAIN4YaXEkdkWch2iBh+uVTQAAAAACAAAAAAAQZgAAAAEAACAAAABBsASF72sZkOOBeMlb/cqbD1F6jF3g3py6pTZWs7YhdAAAAAAOgAAAAAIAACAAAACOfPYbPTFjwsrc1FpJsHPOuvdoe6IDFMhyXsqT3NrIPSAAAADItYYQdQDGXZOD/2/U5KnOB7dDA8ykI2VKhTQF1f+AdkAAAADi7wuADZ6OUU20DLzU+/xtuqesq/qJpq8p095NQDrFJqrhhXqDG811WsN2Puls4I0sfkPb4ZPdN/Run0crYu8m"
    .
    [HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211_Classes\Wow6432Node\CLSID\{130F8154-E804-4BD5-A07B-35BE69039715}\{A730F6F3-255C-417C-8986-2C578500547E}*Hidden\DeltaClock]
    "LastSynchronizationClock"=hex(b):70,10,76,99,67,8d,d1,08
    "DeltaClock"=hex(b):04,e5,d4,fa,ff,ff,ff,ff
    "LastNtpServer"="time.nist.gov"
    .
    [HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):6f,6e,e1,3a,e0,ce,4f,63,2f,2e,06,82,63,8d,da,0e,df,14,36,c5,36,
    16,65,4b,71,b3,e3,41,ec,a2,74,27,39,13,d4,86,ff,45,a8,96,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-2917960761-3470745484-3326223250-1211_Classes\Wow6432Node\CLSID\{abde0e78-4553-4383-895e-b355c633ebe5}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:0000011b
    "Therad"=dword:00000002
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\³Pó *O*n*e*N*o*t*e* *2*0*1*3*\DsDriver]
    "printBinNames"=multi:"\00\00"
    "printCollate"=hex:00
    "printColor"=hex:01
    "printDuplexSupported"=hex:00
    "printStaplingSupported"=hex:00
    "printMaxXExtent"=dword:00000b9a
    "printMaxYExtent"=dword:000010de
    "printMinXExtent"=dword:000003d8
    "printMinYExtent"=dword:00000771
    "printMediaSupported"=multi:"Letter\00Tabloid\00Legal\00Executive\00A3\00A4\00B4 (JIS)\00B5 (JIS)\00Envelope #10\00Envelope Monarch\00Custom\00\00"
    "printMediaReady"=multi:"A4\00\00"
    "printNumberUp"=dword:00000000
    "printMemory"=dword:00008000
    "printOrientationsSupported"=multi:"PORTRAIT\00LANDSCAPE\00\00"
    "printMaxResolutionSupported"=dword:000004b0
    "printLanguage"=multi:"\00\00"
    "printRateUnit"=""
    "driverVersion"=dword:00000401
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\³Pó *O*n*e*N*o*t*e* *2*0*1*3*\DsSpooler]
    "driverName"="Send to Microsoft OneNote 15 Driver"
    "portName"=multi:"nul:\00\00"
    "printStartTime"=dword:00000000
    "printEndTime"=dword:00000000
    "printerName"="??? OneNote 2013"
    "printKeepPrintedJobs"=hex:00
    "printSpooling"="PrintAfterSpooled"
    "priority"=dword:00000001
    "uNCName"="\\\\USER-PC\\??? OneNote 2013"
    "serverName"="USER-PC"
    "shortServerName"="USER-PC"
    "versionNumber"=dword:00000004
    "flags"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\³Pó *O*n*e*N*o*t*e* *2*0*1*3*\PrinterDriverData]
    "InitDriverVersion"=dword:00000600
    "Model"="Send To OneNote Driver"
    "FreeMem"=hex:00,80,00,00
    "PrinterDataSize"=dword:00000230
    "PrinterData"=hex:00,06,30,02,81,08,00,00,00,f8,ba,01,00,00,00,00,00,00,00,00,
    64,00,58,02,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,ac,13,d8,c0,01,\
    "FeatureKeywordSize"=dword:00000012
    "FeatureKeyword"=hex:4d,65,6d,6f,72,79,00,33,32,37,36,38,4b,42,00,0a,00,00
    "Forms?"=dword:c0d813ac
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR A S U S 4
    N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 1 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR A S U S 4
    N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 2 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR A S U S 4
    N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 3 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR B U N J I R A
    N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 1 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR B U N J I R A
    N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 2 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR B U N J I R A
    N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 3 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR I M 1
    N„v H P L a s e r J e t 2 4 2 0 P C L 6 ( Í‘°e\T 1 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR I M 1
    N„v H P L a s e r J e t 2 4 2 0 P C L 6 ( Í‘°e\T 2 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR I M 1
    N„v H P L a s e r J e t 2 4 2 0 P C L 6 ( Í‘°e\T 3 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
    N„v H P L a s e r J e t 2 4 2 0 ( Í‘°e\T 1 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
    N„v H P L a s e r J e t 2 4 2 0 ( Í‘°e\T 2 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
    N„v H P L a s e r J e t 2 4 2 0 ( Í‘°e\T 3 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
    N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 1 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
    N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 2 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
    N„v M I c r o s o f t X P S D o c u m e n t W r I t e r ( Í‘°e\T 3 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
    N„v S e n d T o O n e N o t e 2 0 0 7 ( Í‘°e\T 1 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
    N„v S e n d T o O n e N o t e 2 0 0 7 ( Í‘°e\T 2 ) ]
    "PrinterOnLine"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Hardware Profiles\0001\System\CurrentControlSet\Control\Print\Printers\êÕR M E L A N I
    N„v S e n d T o O n e N o t e 2 0 0 7 ( Í‘°e\T 3 ) ]
    "PrinterOnLine"=dword:00000000
    .
    Completion time: 2014-10-15 11:23:02
    ComboFix-quarantined-files.txt 2014-10-15 03:23
    .
    Pre-Run: 44,957,704,192 bytes free
    Post-Run: 55,452,467,200 bytes free
    .
    - - End Of File - - 4AEB144456971F6A75F2381070DBAB24
    A36C5E4F47E84449FF07ED3517B43A31
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Looks good.

    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  15. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    The Adwcleaner delete this file: C:\Windows\System32\roboot64.exe
    since it is located in system32 folder, I'm little bit affraid. what is that file?


    # AdwCleaner v4.000 - Report created 18/10/2014 at 11:54:23
    # DB v2014-10-17.9
    # Updated 12/10/2014 by Xplode
    # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Username : Hendry Lukito - USER-PC
    # Running from : C:\Users\Hendry Lukito\Desktop\adwcleaner_4.000.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\Users\Hendry Lukito\AppData\Roaming\337Games
    Folder Deleted : C:\Users\USER\AppData\Local\apn
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\Users\evan\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\MA007\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Users\USER\AppData\LocalLow\AskToolbar
    Folder Deleted : C:\Program Files\Babylon
    Folder Deleted : C:\Program Files (x86)\globalUpdate
    Folder Deleted : C:\Users\USER\AppData\Local\globalUpdate
    Folder Deleted : C:\Users\Hendry Lukito\AppData\Roaming\SimpleFiles
    Folder Deleted : C:\Users\USER\AppData\Roaming\Systweak
    Folder Deleted : C:\Program Files (x86)\Uniblue
    Folder Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\8jl5wepm.default\Extensions\bbrs_002@blabbers.com
    Folder Deleted : C:\Users\evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej
    Folder Deleted : C:\Users\MA007\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej
    Folder Deleted : C:\Users\MA007\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    Folder Deleted : C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    File Deleted : C:\Windows\System32\roboot64.exe
    File Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\8jl5wepm.default\searchplugins\Askcom.xml
    File Deleted : C:\Users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\8jl5wepm.default\user.js

    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\clbfjfbnelcflpgpklppgplejolacbej
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\softonic_ggl_1_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
    Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_firefox-3 (1)_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_firefox-3 (1)_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_firefox-3_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_firefox-3_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_freemind_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_freemind_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_kmplayer_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pdf-xchange-viewer_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_pdf-xchange-viewer_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger(2)_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger(2)_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASAPI32
    Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_windows-live-messenger_RASMANCS
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
    Key Deleted : HKCU\Software\BrowserCompanion
    Key Deleted : HKCU\Software\SimpleFiles
    Key Deleted : HKLM\SOFTWARE\GlobalUpdate
    Key Deleted : HKLM\SOFTWARE\PIP
    Key Deleted : HKLM\SOFTWARE\SimpleFiles
    Key Deleted : HKLM\SOFTWARE\SoftwareUpdater
    Key Deleted : HKLM\SOFTWARE\Uniblue
    Key Deleted : HKLM\SOFTWARE\Vittalia
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.17344

    Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

    -\\ Google Chrome v38.0.2125.101

    Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}

    *************************

    AdwCleaner[R0].txt - [12425 octets] - [18/10/2014 11:50:19]
    AdwCleaner[S0].txt - [12157 octets] - [18/10/2014 11:54:23]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12218 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.3.3 (10.14.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Hendry Lukito on Sat 10/18/2014 at 12:01:15.87
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\rcpsetup_softonic_englobal_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\rcpsetup_softonic_englobal_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\rcpsetup_softonic_englobal_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\rcpsetup_softonic_englobal_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{60845B29-42A7-4F2E-AC43-EAC7E4A7FED1}



    ~~~ Files



    ~~~ Folders



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 10/18/2014 at 12:03:54.97
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  16. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
    Ran by Hendry Lukito (administrator) on USER-PC on 18-10-2014 12:06:38
    Running from C:\Users\Hendry Lukito\Desktop
    Loaded Profile: Hendry Lukito (Available profiles: USER & MA007 & Hendry Lukito)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Chinese (Traditional, Taiwan)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    () C:\Windows\SysWOW64\afasrv64.exe
    (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    () C:\Program Files (x86)\SmartCardReader\iconcs236856.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
    (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
    (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
    (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [USBestCR] => C:\Program Files (x86)\SmartCardReader\iconcs236856.exe [7377920 2011-09-21] ()
    HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
    HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2010-10-05] (Intel Corporation)
    HKLM-x32\...\Run: [USBestCR] => C:\Program Files (x86)\SmartCardReader\iconcs236856.exe [7377920 2011-09-21] ()
    HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
    HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
    HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2009-04-27] (CyberLink Corp.)
    HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2009-11-20] (cyberlink)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [815512 2012-01-03] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [HPUsageTracking] => C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [30264 2009-10-06] (Hewlett-Packard Company)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-2917960761-3470745484-3326223250-1211\...\Run: [GoogleChromeAutoLaunch_66BA88EA9C7239110C272E4BEFBBD499] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-10] (Google Inc.)
    HKU\S-1-5-21-2917960761-3470745484-3326223250-1211\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3858000 2014-07-23] (Tonec Inc.)
    HKU\S-1-5-21-2917960761-3470745484-3326223250-1211\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (Tonec Inc.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBBCDA8A0E1B6CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
    BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    BHO-x32: Windows Live ID 登入協助程式 -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\..\Interfaces\{AE203A2D-0C1A-4E2E-8C0C-00C4F1C958EB}: [NameServer] 8.8.8.8,8.8.4.4

    FireFox:
    ========
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @Tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @Tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-06-11]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-06-18]
    FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Hendry Lukito\AppData\Roaming\IDM\idmmzcc5
    FF Extension: IDM CC - C:\Users\Hendry Lukito\AppData\Roaming\IDM\idmmzcc5 [2014-08-07]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.facebook.com/
    CHR StartupUrls: Default -> "hxxp://www.facebook.com/"
    CHR Profile: C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-07]
    CHR Extension: (Google Drive) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-07]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-07]
    CHR Extension: (YouTube) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-07]
    CHR Extension: (Google Search) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-07]
    CHR Extension: (Google Science Fair 2013) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpjffdefaanlfiepeblccfimklhmonjf [2014-08-07]
    CHR Extension: (Photo Zoom for Facebook) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-08-07]
    CHR Extension: (Photo Zoom for Twitter) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\eohjkphdfajdfhpmdaedemmgmbidbldc [2014-08-07]
    CHR Extension: (TiltShiftMaker) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjjofhgnhekhkccpcnnloagmdpafifeo [2014-08-07]
    CHR Extension: (IDM Integration Module) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-08-07]
    CHR Extension: (Classic Retweet) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\mejfljhfeahhhicjefeehikaooffggmf [2014-10-17]
    CHR Extension: (Google Wallet) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-07]
    CHR Extension: (Gmail) - C:\Users\Hendry Lukito\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-07]
    CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-07-23]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AfaService; C:\Windows\SysWOW64\afasrv64.exe [73728 2011-09-21] () [File not signed]
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [220104 2012-06-12] (Microsoft Corporation)
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
    S2 MSOLAP$BUNJIRA; C:\Program Files\Microsoft SQL Server\MSAS10.BUNJIRA\OLAP\bin\msmdsrv.exe [43801448 2011-09-22] (Microsoft Corporation)
    S2 MSSQL$BUNJIRA; C:\Program Files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\sqlservr.exe [58387104 2014-07-12] (Microsoft Corporation)
    R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [32096 2010-04-03] (Microsoft Corporation)
    S3 MSSQLFDLauncher$BUNJIRA; C:\Program Files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\fdlauncher.exe [34840 2008-07-10] (Microsoft Corporation)
    R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [62118344 2012-06-12] (Microsoft Corporation)
    R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\bin\msmdsrv.exe [54791520 2011-06-17] (Microsoft Corporation)
    R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
    S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
    R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-06] (Nitro PDF Software)
    R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
    S2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2180960 2011-06-17] (Microsoft Corporation)
    S2 ReportServer$BUNJIRA; C:\Program Files\Microsoft SQL Server\MSRS10.BUNJIRA\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2084712 2011-09-22] (Microsoft Corporation)
    S3 SQLAgent$BUNJIRA; C:\Program Files\Microsoft SQL Server\MSSQL10.BUNJIRA\MSSQL\Binn\SQLAGENT.EXE [441504 2014-07-12] (Microsoft Corporation)
    S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [441288 2012-06-12] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 ASPI32; No ImagePath
    R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-08-07] (Disc Soft Ltd)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-18] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    R3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
    R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
    S3 SRS_PremSoundMon; C:\Windows\System32\drivers\srs_PremSoundMon_amd64.sys [158576 2010-04-28] ()
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-14] ()
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD}; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\000.fcl [146928 2009-11-19] (CyberLink Corp.)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]
     
  17. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-18 12:06 - 2014-10-18 12:07 - 00025711 _____ () C:\Users\Hendry Lukito\Desktop\FRST.txt
    2014-10-18 12:06 - 2014-10-18 12:06 - 00000000 ____D () C:\FRST
    2014-10-18 12:03 - 2014-10-18 12:03 - 00001289 _____ () C:\Users\Hendry Lukito\Desktop\JRT.txt
    2014-10-18 12:01 - 2014-10-18 12:01 - 00000000 ____D () C:\Windows\ERUNT
    2014-10-18 11:56 - 2014-10-18 11:56 - 00000000 ___RD () C:\Users\Hendry Lukito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 9
    2014-10-18 11:50 - 2014-10-18 11:54 - 00000000 ____D () C:\AdwCleaner
    2014-10-18 11:49 - 2014-10-18 11:49 - 02112000 _____ (Farbar) C:\Users\Hendry Lukito\Desktop\FRST64.exe
    2014-10-18 11:48 - 2014-10-18 11:48 - 01976320 _____ () C:\Users\Hendry Lukito\Desktop\adwcleaner_4.000.exe
    2014-10-18 11:48 - 2014-10-18 11:48 - 01705698 _____ (Thisisu) C:\Users\Hendry Lukito\Desktop\JRT.exe
    2014-10-18 11:46 - 2014-10-18 11:46 - 00000174 _____ () C:\Users\Hendry Lukito\Documents\a.txt
    2014-10-15 23:27 - 2014-10-07 10:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-10-15 23:27 - 2014-10-07 10:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-15 23:27 - 2014-09-26 06:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-15 23:27 - 2014-09-26 06:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-15 23:27 - 2014-09-26 06:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-15 23:27 - 2014-09-26 06:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-15 23:27 - 2014-09-26 06:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-15 23:27 - 2014-09-26 06:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-15 23:27 - 2014-09-26 06:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-15 23:27 - 2014-09-19 10:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-15 23:27 - 2014-09-19 09:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-15 23:27 - 2014-09-19 09:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-10-15 23:27 - 2014-09-19 09:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-15 23:27 - 2014-09-19 09:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-15 23:27 - 2014-09-19 09:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-15 23:27 - 2014-09-19 09:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-10-15 23:27 - 2014-09-19 09:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-10-15 23:27 - 2014-09-19 09:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-10-15 23:27 - 2014-09-19 09:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-15 23:27 - 2014-09-19 09:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-15 23:27 - 2014-09-19 09:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-10-15 23:27 - 2014-09-19 09:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-15 23:27 - 2014-09-19 09:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-15 23:27 - 2014-09-19 09:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-15 23:27 - 2014-09-19 09:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-10-15 23:27 - 2014-09-19 09:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-10-15 23:27 - 2014-09-19 09:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-10-15 23:27 - 2014-09-19 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-15 23:27 - 2014-09-19 09:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-15 23:27 - 2014-09-19 09:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-10-15 23:27 - 2014-09-19 09:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-10-15 23:27 - 2014-09-19 09:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-10-15 23:27 - 2014-09-19 09:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-15 23:27 - 2014-09-19 09:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-10-15 23:27 - 2014-09-19 09:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-15 23:27 - 2014-09-19 08:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-10-15 23:27 - 2014-09-19 08:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-15 23:27 - 2014-09-19 08:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-15 23:27 - 2014-09-19 08:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-15 23:27 - 2014-09-19 08:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-15 23:27 - 2014-09-19 08:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-15 23:27 - 2014-09-19 08:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-15 23:27 - 2014-09-19 08:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-10-15 23:27 - 2014-09-19 08:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-15 23:27 - 2014-09-19 08:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-10-15 23:27 - 2014-09-19 08:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-10-15 23:27 - 2014-09-19 08:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-10-15 23:27 - 2014-09-19 08:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-15 23:27 - 2014-09-19 08:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-15 23:27 - 2014-09-19 08:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-15 23:27 - 2014-09-19 08:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-10-15 23:27 - 2014-09-19 08:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-15 23:27 - 2014-09-19 07:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-15 23:27 - 2014-09-19 07:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-10-15 23:27 - 2014-09-19 07:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-15 23:27 - 2014-09-19 07:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-10-15 23:26 - 2014-09-29 08:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-15 23:26 - 2014-06-19 06:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-15 23:26 - 2014-06-19 06:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-15 23:26 - 2014-06-19 06:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-15 23:26 - 2014-06-19 06:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-15 23:26 - 2014-06-19 06:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-15 23:26 - 2014-06-19 06:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-15 23:25 - 2014-08-19 11:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
    2014-10-15 23:25 - 2014-08-19 11:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
    2014-10-15 23:25 - 2014-08-19 11:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2014-10-15 23:25 - 2014-08-19 11:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2014-10-15 23:25 - 2014-08-19 11:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2014-10-15 23:25 - 2014-08-19 11:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2014-10-15 23:25 - 2014-08-19 11:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2014-10-15 23:25 - 2014-08-19 11:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2014-10-15 23:25 - 2014-08-19 11:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2014-10-15 23:25 - 2014-08-19 11:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2014-10-15 23:25 - 2014-08-19 10:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
    2014-10-15 23:25 - 2014-08-19 10:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2014-10-15 23:25 - 2014-08-19 10:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2014-10-15 23:25 - 2014-07-07 10:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2014-10-15 23:25 - 2014-07-07 10:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2014-10-15 23:25 - 2014-07-07 10:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-10-15 23:25 - 2014-07-07 10:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2014-10-15 23:25 - 2014-07-07 10:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2014-10-15 23:25 - 2014-07-07 10:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2014-10-15 23:25 - 2014-07-07 10:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2014-10-15 23:25 - 2014-07-07 10:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2014-10-15 23:25 - 2014-07-07 10:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2014-10-15 23:25 - 2014-07-07 10:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2014-10-15 23:25 - 2014-07-07 10:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2014-10-15 23:25 - 2014-07-07 09:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2014-10-15 23:25 - 2014-07-07 09:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
    2014-10-15 23:25 - 2014-07-07 09:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
    2014-10-15 23:25 - 2014-07-07 09:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
    2014-10-15 23:25 - 2014-07-07 09:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2014-10-15 23:25 - 2014-07-07 09:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-10-15 23:25 - 2014-07-07 09:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-10-15 23:25 - 2014-07-07 09:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
    2014-10-15 23:25 - 2014-07-07 09:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
    2014-10-15 23:25 - 2014-07-07 09:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
    2014-10-15 23:25 - 2014-06-28 08:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2014-10-15 23:25 - 2014-06-28 08:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2014-10-15 23:25 - 2014-06-28 08:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
    2014-10-15 23:23 - 2014-10-10 10:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-10-15 23:23 - 2014-10-10 10:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-10-15 23:23 - 2014-10-10 10:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-10-15 23:18 - 2014-09-18 10:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-10-15 23:18 - 2014-09-18 09:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-10-15 23:18 - 2014-08-29 10:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-15 23:17 - 2014-09-13 09:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
    2014-10-15 23:17 - 2014-09-13 09:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
    2014-10-15 23:17 - 2014-09-05 10:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-15 23:17 - 2014-09-05 09:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-15 23:17 - 2014-09-04 13:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-15 23:17 - 2014-09-04 13:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-15 23:17 - 2014-07-17 10:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-15 23:17 - 2014-07-17 10:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-15 23:17 - 2014-07-17 10:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-15 23:17 - 2014-07-17 10:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-15 23:17 - 2014-07-17 10:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-10-15 23:17 - 2014-07-17 10:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-10-15 23:17 - 2014-07-17 09:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-15 23:17 - 2014-07-17 09:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-15 23:17 - 2014-07-17 09:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-15 23:17 - 2014-07-17 09:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-15 23:17 - 2014-07-17 09:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-15 21:24 - 2014-10-15 21:24 - 00063524 _____ () C:\Users\Hendry Lukito\Downloads\amoy.au
    2014-10-15 17:12 - 2014-10-15 17:12 - 00002530 _____ () C:\Users\Hendry Lukito\Downloads\sciencef3eedbac.ris
    2014-10-15 11:23 - 2014-10-15 11:23 - 00039527 _____ () C:\ComboFix.txt
    2014-10-15 11:14 - 2014-10-15 11:23 - 00000000 ____D () C:\Qoobox
    2014-10-15 11:14 - 2014-10-15 11:23 - 00000000 ____D () C:\ComboFix
    2014-10-15 11:14 - 2014-10-15 11:22 - 00000000 ____D () C:\Windows\erdnt
    2014-10-15 11:14 - 2011-06-26 14:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-10-15 11:14 - 2010-11-08 01:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-10-15 11:14 - 2009-04-20 12:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-10-15 11:14 - 2000-08-31 08:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-10-15 11:14 - 2000-08-31 08:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-10-15 11:14 - 2000-08-31 08:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-10-15 11:14 - 2000-08-31 08:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-10-15 11:14 - 2000-08-31 08:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-10-15 11:09 - 2014-10-15 11:09 - 05582915 ____R (Swearware) C:\Users\Hendry Lukito\Desktop\ComboFix.exe
    2014-10-14 23:21 - 2014-10-14 23:36 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-10-14 23:18 - 2014-10-14 23:36 - 00000000 ____D () C:\Users\Hendry Lukito\Desktop\mbar
    2014-10-14 23:17 - 2014-10-14 23:17 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Hendry Lukito\Desktop\mbar-1.07.0.1012.exe
    2014-10-14 23:04 - 2014-10-14 23:04 - 00000000 ____D () C:\Users\Hendry Lukito\AppData\Local\CrashDumps
    2014-10-14 23:03 - 2014-10-14 23:03 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-10-14 23:03 - 2014-10-14 23:03 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-10-14 23:01 - 2014-10-14 23:01 - 15677528 _____ () C:\Users\Hendry Lukito\Desktop\RogueKiller.exe
    2014-10-12 15:42 - 2014-10-12 15:42 - 00536242 _____ () C:\Users\Hendry Lukito\Desktop\attach.txt
    2014-10-12 15:42 - 2014-10-12 15:42 - 00023976 _____ () C:\Users\Hendry Lukito\Desktop\dds.txt
    2014-10-12 15:39 - 2014-10-12 15:39 - 00688992 ____R (Swearware) C:\Users\Hendry Lukito\Downloads\dds.com
    2014-10-12 15:37 - 2014-10-12 15:37 - 00001068 _____ () C:\Users\Hendry Lukito\Desktop\Scan mbam.txt
    2014-10-12 01:45 - 2014-10-12 01:45 - 45744128 _____ () C:\DPC_Interrupt.etl
    2014-10-11 18:35 - 2014-10-11 18:35 - 00000000 ____D () C:\temp
    2014-10-11 02:31 - 2014-10-18 11:58 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-10-11 02:30 - 2014-10-15 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-10-11 02:30 - 2014-10-15 10:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-10-11 02:30 - 2014-10-11 02:30 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-10-11 02:30 - 2014-10-11 02:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-10-11 02:30 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-10-11 02:30 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-10-11 02:30 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-10-11 02:29 - 2014-10-11 02:29 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Hendry Lukito\Downloads\mbam-setup-2.0.2.1012.exe
    2014-10-11 01:47 - 2014-10-12 01:45 - 42663936 _____ () C:\kernel.etl
    2014-10-11 01:45 - 2014-10-11 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
    2014-10-11 01:45 - 2014-10-11 01:45 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
    2014-10-11 01:44 - 2014-10-11 01:45 - 00000000 ____D () C:\ProgramData\Package Cache
    2014-10-11 01:42 - 2014-10-11 01:42 - 00991536 _____ (Microsoft Corporation) C:\Users\Hendry Lukito\Downloads\sdksetup.exe
    2014-10-10 14:29 - 2014-10-10 14:29 - 00000000 ____D () C:\Users\Hendry Lukito\AppData\Local\SRS Labs
    2014-10-10 14:29 - 2010-04-28 10:32 - 00158576 _____ () C:\Windows\system32\Drivers\SRS_PremSoundMon_amd64.sys
    2014-10-10 14:26 - 2014-10-10 14:26 - 00000112 _____ () C:\Windows\SysWOW64\mon.txt
    2014-10-10 14:26 - 2014-10-10 14:26 - 00000000 ____D () C:\Program Files (x86)\ViewSonic
    2014-10-10 14:24 - 2014-10-11 01:36 - 00000094 _____ () C:\Windows\VSWizard.ini
    2014-10-09 18:58 - 2014-10-09 18:58 - 00002087 _____ () C:\Users\Hendry Lukito\Desktop\StatAssist 5.5.lnk
    2014-10-09 18:58 - 2014-10-09 18:58 - 00001137 _____ () C:\Users\Hendry Lukito\Desktop\EasyFit 5.5 Professional.lnk
    2014-10-09 18:58 - 2014-10-09 18:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MathWave
    2014-10-09 18:58 - 2014-10-09 18:58 - 00000000 ____D () C:\Program Files (x86)\MathWave
    2014-10-01 22:07 - 2014-09-25 10:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-10-01 22:07 - 2014-09-25 09:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-09-24 15:11 - 2014-09-10 06:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-09-24 15:11 - 2014-09-10 05:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-09-23 13:58 - 2014-09-23 13:58 - 00000000 ____D () C:\Users\Hendry Lukito\AppData\Roaming\MedCalc Software
    2014-09-23 10:46 - 2014-09-23 10:46 - 00055841 _____ () C:\Users\Hendry Lukito\Desktop\Monte Carlo Simulation Report.xls
    2014-09-22 23:47 - 2014-09-22 23:47 - 00029184 _____ () C:\Users\Hendry Lukito\Downloads\Table 1 Population Statistics, 1999¡Ð2012 (1).xls
    2014-09-22 23:44 - 2014-09-22 23:44 - 00036352 _____ () C:\Users\Hendry Lukito\Downloads\Table 2 Cause of Death, 1999¡Ð2012.XLS
    2014-09-22 23:44 - 2014-09-22 23:44 - 00029184 _____ () C:\Users\Hendry Lukito\Downloads\Table 1 Population Statistics, 1999¡Ð2012.xls
    2014-09-22 23:43 - 2014-09-22 23:43 - 03613184 _____ () C:\Users\Hendry Lukito\Downloads\2013 statistics of causes of death.xls
    2014-09-22 14:38 - 2014-10-13 18:51 - 00000336 _____ () C:\Windows\ODBC.INI
    2014-09-21 19:54 - 2014-09-21 19:54 - 00000219 _____ () C:\Users\Hendry Lukito\Downloads\Economic_Evaluation_in_Health_Care.enw
    2014-09-21 17:18 - 2014-09-21 17:18 - 01041596 _____ () C:\Users\Hendry Lukito\Documents\.RData
    2014-09-19 14:51 - 2014-09-19 14:51 - 00000164 _____ () C:\Users\Hendry Lukito\Downloads\Reliability_Based_Mechanical_Design.enw

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-18 12:05 - 2009-07-14 12:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-10-18 12:05 - 2009-07-14 12:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-10-18 12:02 - 2011-09-21 08:09 - 02073526 _____ () C:\Windows\WindowsUpdate.log
    2014-10-18 11:58 - 2014-08-07 17:03 - 00004986 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for USER-PC-Hendry Lukito USER-PC
    2014-10-18 11:58 - 2012-07-15 19:30 - 00000526 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-10-18 11:56 - 2014-08-07 14:39 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-18 11:55 - 2014-01-03 13:35 - 00021811 _____ () C:\Windows\setupact.log
    2014-10-18 11:55 - 2011-09-21 09:13 - 01427344 _____ () C:\Windows\PFRO.log
    2014-10-18 11:55 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-18 11:44 - 2014-08-07 14:39 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-18 10:11 - 2013-11-10 22:06 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000UA.job
    2014-10-17 22:11 - 2013-11-10 22:06 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000Core.job
    2014-10-17 14:46 - 2014-08-07 14:39 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2014-10-17 13:46 - 2009-07-14 17:21 - 00782738 _____ () C:\Windows\system32\prfh0404.dat
    2014-10-17 13:46 - 2009-07-14 17:21 - 00284936 _____ () C:\Windows\system32\prfc0404.dat
    2014-10-17 13:46 - 2009-07-14 13:13 - 02403322 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-10-16 21:18 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
    2014-10-16 20:28 - 2009-07-14 13:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
    2014-10-16 20:18 - 2009-07-14 12:45 - 00799856 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-16 20:16 - 2014-05-07 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-10-16 20:16 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\th-TH
    2014-10-16 20:16 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
    2014-10-16 20:16 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\th-TH
    2014-10-16 20:16 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\Dism
    2014-10-16 18:45 - 2011-09-21 08:39 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-16 18:45 - 2009-07-14 10:34 - 00000505 _____ () C:\Windows\win.ini
    2014-10-16 18:44 - 2014-08-07 16:14 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2014-10-16 18:36 - 2013-08-06 03:00 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-16 18:29 - 2011-09-21 09:33 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2014-10-16 18:27 - 2014-08-07 15:01 - 00000000 ____D () C:\Users\Hendry Lukito\AppData\Roaming\DMCache
    2014-10-15 11:21 - 2009-07-14 10:34 - 00000215 _____ () C:\Windows\system.ini
    2014-10-12 01:34 - 2014-05-23 00:02 - 00000000 ____D () C:\Users\Hendry Lukito\Downloads\Compressed
    2014-10-11 10:26 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system
    2014-10-11 10:25 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\Speech
    2014-10-11 01:36 - 2011-09-21 08:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-10-10 20:59 - 2014-08-10 21:52 - 00000000 ____D () C:\Users\Hendry Lukito\Documents\MATLAB
    2014-10-10 14:31 - 2014-08-06 19:09 - 00187504 _____ () C:\Users\Hendry Lukito\AppData\Local\GDIPFONTCACHEV1.DAT
    2014-10-09 21:47 - 2014-08-06 19:09 - 00001377 _____ () C:\Users\Hendry Lukito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-10-09 18:59 - 2012-04-06 17:07 - 00000000 ____D () C:\Windows\system32\appmgmt
    2014-10-09 18:53 - 2014-09-14 20:04 - 00000000 ____D () C:\Program Files (x86)\MSECache
    2014-10-09 13:32 - 2014-05-23 00:02 - 00000000 ____D () C:\Users\Hendry Lukito\Downloads\Video
    2014-10-04 00:47 - 2013-10-18 14:50 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2014-09-30 13:45 - 2014-08-07 14:07 - 00000000 ____D () C:\Users\Hendry Lukito\Documents\SQL Server Management Studio
    2014-09-25 23:49 - 2014-08-06 19:09 - 00000000 ____D () C:\Users\Hendry Lukito\AppData\Local\Microsoft Help
    2014-09-24 11:57 - 2012-07-15 19:30 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-09-24 11:57 - 2012-07-15 19:30 - 00003464 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-09-24 11:57 - 2011-09-21 09:17 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-22 14:42 - 2011-09-21 09:31 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

    Some content of TEMP:
    ====================
    C:\Users\Hendry Lukito\AppData\Local\Temp\Quarantine.exe
    C:\Users\Hendry Lukito\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-16 05:10

    ==================== End Of Log ============================
     
  18. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
    Ran by Hendry Lukito at 2014-10-18 12:07:56
    Running from C:\Users\Hendry Lukito\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
    AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
    ACDSee Pro 3 (HKLM-x32\...\{1B280FAF-AE10-4E31-A41A-DB3917D651DC}) (Version: 3.0.475 - ACD Systems International Inc.)
    Adobe Acrobat X Pro - English, Fran蓷is, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
    Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
    Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
    Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_is1) (Version: - )
    Counter-Strike 1.6 (HKLM-x32\...\Counter-Strike 1.6_is1) (Version: Counter-Strike 1.6 No Steam - KingSOFT DVD)
    CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
    CustomerResearchQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    CyberLink PowerDVD 9 (HKLM-x32\...\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2320 - CyberLink Corp.)
    CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{8C20787A-7402-4FA7-BF25-6E5750930FDC}) (Version: 9.00.0000 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
    Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{B6FBF358-6B5E-4DE4-8BC5-892C87BBD3B4}) (Version: - Microsoft)
    Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{B6FBF358-6B5E-4DE4-8BC5-892C87BBD3B4}) (Version: - Microsoft)
    EasyFit 5.5 (HKLM-x32\...\EasyFit_is1) (Version: 5.5 - MathWave Technologies)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    GDR 2550 for SQL Server 2008 R2 (KB2716440) (64-bit) (HKLM\...\KB2716440) (Version: 10.51.2550.0 - Microsoft Corporation)
    GDR 5512 for SQL Server 2008 (KB2716436) (64-bit) (HKLM\...\KB2716436) (Version: 10.3.5512.0 - Microsoft Corporation)
    GDR 5520 for SQL Server 2008 (KB2977321) (64-bit) (HKLM\...\KB2977321) (Version: 10.3.5520.0 - Microsoft Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    HP Customer Participation Program 10.0 (HKLM\...\HPExtendedCapabilities) (Version: 10.0 - HP)
    HP LaserJet P2050 Series 6.0 (HKLM\...\{6F801026-6AF0-4520-9153-4C9B4CAAB361}) (Version: 6.0 - HP)
    hppFonts (x32 Version: 001.001.00061 - Hewlett-Packard) Hidden
    hppQFolderP2050 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
    hppusgP2050 (x32 Version: 1.1.0.1 - Hewlett-Packard) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
    Intel(R) Network Connections 15.6.25.0 (HKLM\...\PROSetDX) (Version: 15.6.25.0 - Intel)
    Intel(R) Network Connections 15.6.25.0 (Version: 15.6.25.0 - Intel) Hidden
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3223 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version: - Tonec Inc.)
    Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Kits Configuration Installer (x32 Version: 8.59.25584 - Microsoft) Hidden
    K-Lite Codec Pack 9.7.0 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.7.0 - )
    K-Lite Mega Codec Pack 7.6.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.6.0 - )
    Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
    MarketResearch (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
    MATLAB R2009a (HKLM\...\MatlabR2009a) (Version: 7.8 - The MathWorks, Inc.)
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (CHT) (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 4.5.1 (繁體中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1028) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Access MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
    Microsoft DCF MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Excel MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Groove MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft InfoPath MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Lync MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
    Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Access database engine 2007 (English) (HKLM-x32\...\{90120000-00D1-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Language Pack 2013 - English (HKLM\...\Office15.OMUI.en-us) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office O MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office OSM MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office OSM UX MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Shared 32-bit MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Office 校訂工具 2013 - 繁體中文 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft OneNote MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Outlook MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft PowerPoint MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Publisher MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Report Viewer Redistributable 2008 (KB971119) (x32 Version: 9.0.30731 - Microsoft Corporation) Hidden
    Microsoft Report Viewer Redistributable 2008 SP1 (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version: - Microsoft Corporation)
    Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - CHT (HKLM-x32\...\Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - CHT) (Version: - Microsoft Corporation)
    Microsoft Report Viewer Redistributable 2008 SP1 Language Pack - CHT (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
    Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
    Microsoft SharePoint Designer MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 (64-bit) (Version: - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Analysis Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Database Engine Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Full text search (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Books Online (HKLM-x32\...\{74F7B314-0507-4F91-9A4E-B6C9B027E410}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Policies (HKLM-x32\...\{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}) (Version: 10.50.1600.1 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 RsFx Driver (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{6A0F9093-6EDF-45B2-8783-9EB9D15F8339}) (Version: 10.51.2550.0 - Microsoft Corporation)
    Microsoft SQL Server 2008 Reporting Services (Version: 10.2.4000.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Reporting Services (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 RsFx Driver (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{393CA5BF-0362-42FD-ABC2-BA9D22EF925E}) (Version: 10.3.5520.0 - Microsoft Corporation)
    Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU (HKLM-x32\...\{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation)
    Microsoft Sync Framework Runtime v1.0 (x64) (HKLM\...\{53D7A054-4598-4947-A159-E8FCC77720AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
    Microsoft Sync Services for ADO.NET v2.0 (x64) (HKLM\...\{817BCC2B-76A8-4C8B-8B55-FD916C6969CC}) (Version: 2.0.1215.0 - Microsoft Corporation)
    Microsoft Visio Language Pack 2013 - English (HKLM\...\Office15.VisMUI.en-us) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visio MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Visio MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPRO) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft Visio Professional 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft VisMUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2007 Tools for Applications - ENU 的 Hotfix (KB947789) (HKLM-x32\...\{86BAE226-C93D-3803-9EED-A3C995B599BD}.KB947789) (Version: 1 - Microsoft Corporation)
    Microsoft Visual Studio 2008 Shell (integrated mode) - CHT (HKLM-x32\...\{E6B7E1B0-FAB8-3B7D-81EF-F9706E6621EE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio 2008 Shell (integrated mode) - ENU (HKLM-x32\...\{BA0C9AAF-1327-3F06-B49C-349B4BE8F740}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}) (Version: 9.0.35191 - Microsoft Corporation)
    Microsoft Visual Studio Tools for Applications 2.0 Language Pack - CHT (HKLM-x32\...\{86BAE226-C93D-3803-9EED-A3C995B599BD}) (Version: 9.0.35191 - Microsoft Corporation)
    Microsoft Word MUI (Chinese (Traditional)) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microsoft X MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    Microtek ScanWizard (HKLM-x32\...\{17A7779A-D23F-11D3-8753-0050BABE1202}) (Version: - )
    MINITAB 14 (HKLM-x32\...\InstallShield_{A87E25E5-38BA-46AD-A008-1D4FB3D332D3}) (Version: 14.1 - Minitab)
    MINITAB 14 (x32 Version: 14.1 - Minitab) Hidden
    MP3 Cutter 1.1.1 (HKLM-x32\...\MP3 Cutter_is1) (Version: - MP3Cutter.org)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    Nero 8 Lite (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.13.0 - UpdatePack.nl)
    NetTalk By True (HKLM-x32\...\NetTalk_is1) (Version: - )
    Nitro Pro 8 (HKLM\...\{F373F779-B86E-4840-86AB-915510F81B30}) (Version: 8.0.7.4 - Nitro)
    Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.195.0 - Tracker Software Products Ltd)
    PowerDVD (x32 Version: 9.00.0000 - CyberLink Corp.) Hidden
    R for Windows 3.1.0 (HKLM\...\R for Windows 3.1.0_is1) (Version: 3.1.0 - R Core Team)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.26.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.26.0 - Renesas Electronics Corporation) Hidden
    RStudio (HKLM-x32\...\RStudio) (Version: 0.98.978 - RStudio)
    ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version: - )
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.6.11664 - Skype Technologies S.A.)
    Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
    Smart Card Reader Driver 1.0.7.73 (HKLM-x32\...\Smart Card Reader Driver and Card Icon Program_is1) (Version: - )
    SPSS 16.0 (HKLM-x32\...\{9A657E90-E2B7-44DE-8929-055948162595}) (Version: 16.0.0 - SPSS Inc.)
    SQL Server 2008 (KB2546951) 的 Service Pack 3 (64-bit) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
    SQL Server 2008 R2 Reporting Services (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Analysis Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 BI Development Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Client Tools (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Integration Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Management Studio (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 SP1 Reporting Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden
    SQL Server 2008 R2 的 Service Pack 1 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation)
    Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    TreeAge Pro 2011 (HKLM\...\TreeAge Pro 2011) (Version: - )
    TreeAge Pro Excel (HKLM-x32\...\TreeAge Pro Excel) (Version: - )
    Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-0016-0404-1000-0000000FF1CE}_Office15.PROPLUS_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-0018-0404-1000-0000000FF1CE}_Office15.PROPLUS_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-001B-0404-1000-0000000FF1CE}_Office15.PROPLUS_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-00C1-0404-1000-0000000FF1CE}_Office15.PROPLUS_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
    Update for Microsoft Excel 2013 (KB2889941) 64-Bit Edition (HKLM\...\{90150000-00C1-0404-1000-0000000FF1CE}_Office15.VISPRO_{EFD6026A-1531-4678-B51B-1A10C3F51CEE}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0404-1000-0000000FF1CE}_Office15.PROPLUS_{90D44684-FCA7-4674-A91E-EBEAD18F7039}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2889929) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FC4C557E-7664-453D-8A55-5D414069E0F5}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2889929) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FC4C557E-7664-453D-8A55-5D414069E0F5}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2889929) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{FC4C557E-7664-453D-8A55-5D414069E0F5}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2889929) 64-Bit Edition (HKLM\...\{90150000-012B-0404-1000-0000000FF1CE}_Office15.PROPLUS_{FC4C557E-7664-453D-8A55-5D414069E0F5}) (Version: - Microsoft)
    Update for Microsoft Lync 2013 (KB2889929) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{FC4C557E-7664-453D-8A55-5D414069E0F5}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760371) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{25DEA344-FF6F-41BD-B88F-5242BB8E80E1}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0404-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0404-1000-0000000FF1CE}_Office15.VISPRO_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881004) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AC8BEB81-5B5E-4503-B1F4-7781F4642E46}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881004) 64-Bit Edition (HKLM\...\{90150000-0016-0404-1000-0000000FF1CE}_Office15.PROPLUS_{AC8BEB81-5B5E-4503-B1F4-7781F4642E46}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881004) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{AC8BEB81-5B5E-4503-B1F4-7781F4642E46}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0DC71935-8DEE-4621-A223-23FD1552E567}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0404-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0404-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0055-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0100-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0404-1000-0000000FF1CE}_Office15.PROPLUS_{4224533E-EFAC-4B33-AD8A-1C486FC92C40}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0404-1000-0000000FF1CE}_Office15.VISPRO_{4224533E-EFAC-4B33-AD8A-1C486FC92C40}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.VISPRO_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.OMUI.en-us_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.VisMUI.en-us_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.OMUI.en-us_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.VisMUI.en-us_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2883095) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EADBF225-163E-406B-B11A-26ECCCAB5A0E}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0404-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0404-1000-0000000FF1CE}_Office15.VISPRO_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889940) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{36772E16-D3FA-440E-B001-0BEB2B1FCE47}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889940) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{36772E16-D3FA-440E-B001-0BEB2B1FCE47}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889942) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C22AE0C4-590E-46FF-9E21-37F45B84ADDD}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889942) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{C22AE0C4-590E-46FF-9E21-37F45B84ADDD}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889942) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C22AE0C4-590E-46FF-9E21-37F45B84ADDD}) (Version: - Microsoft)
    Update for Microsoft Office 2013 (KB2889942) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{C22AE0C4-590E-46FF-9E21-37F45B84ADDD}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00BA-0404-1000-0000000FF1CE}_Office15.PROPLUS_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00C1-0404-1000-0000000FF1CE}_Office15.PROPLUS_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00C1-0404-1000-0000000FF1CE}_Office15.VISPRO_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
    Update for Microsoft OneDrive for Business (KB3000731) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{2245C7DD-6984-40C8-AD2C-C1CC6F049C91}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2883059) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BA62716F-904B-4668-A792-A41C1D806416}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2883059) 64-Bit Edition (HKLM\...\{90150000-00A1-0404-1000-0000000FF1CE}_Office15.PROPLUS_{BA62716F-904B-4668-A792-A41C1D806416}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2883059) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{BA62716F-904B-4668-A792-A41C1D806416}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2883059) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BA62716F-904B-4668-A792-A41C1D806416}) (Version: - Microsoft)
    Update for Microsoft OneNote 2013 (KB2883059) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.VISPRO_{BA62716F-904B-4668-A792-A41C1D806416}) (Version: - Microsoft)
    Update for Microsoft Outlook 2013 (KB2986204) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{2CB96A7D-CBFE-4028-ACE8-31C3925D3D46}) (Version: - Microsoft)
    Update for Microsoft Outlook 2013 (KB2986204) 64-Bit Edition (HKLM\...\{90150000-001A-0404-1000-0000000FF1CE}_Office15.PROPLUS_{2CB96A7D-CBFE-4028-ACE8-31C3925D3D46}) (Version: - Microsoft)
    Update for Microsoft Outlook 2013 (KB2986204) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{2CB96A7D-CBFE-4028-ACE8-31C3925D3D46}) (Version: - Microsoft)
    Update for Microsoft Outlook 2013 (KB2986204) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{2CB96A7D-CBFE-4028-ACE8-31C3925D3D46}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0404-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version: - Microsoft)
    Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
    Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0404-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
    Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version: - Microsoft)
    Update for Microsoft Visio 2013 (KB2889849) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3D0456AC-955A-4119-A00F-1A093E8A64AC}) (Version: - Microsoft)
    Update for Microsoft Visio 2013 (KB2889849) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{3D0456AC-955A-4119-A00F-1A093E8A64AC}) (Version: - Microsoft)
    Update for Microsoft Visio 2013 (KB2889849) 64-Bit Edition (HKLM\...\{90150000-0054-0404-1000-0000000FF1CE}_Office15.VISPRO_{3D0456AC-955A-4119-A00F-1A093E8A64AC}) (Version: - Microsoft)
    Update for Microsoft Visio 2013 (KB2889849) 64-Bit Edition (HKLM\...\{90150000-0054-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{3D0456AC-955A-4119-A00F-1A093E8A64AC}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0051-0000-1000-0000000FF1CE}_Office15.VISPRO_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0404-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0404-1000-0000000FF1CE}_Office15.VISPRO_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.VisMUI.en-us_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0404-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0404-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0404-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
    Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.OMUI.en-us_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version: - Microsoft)
    WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
    Weka 3.6.5 (HKLM\...\Weka 3.6.5) (Version: 3.6.5 - Machine Learning Group, University of Waikato, Hamilton, NZ)
    Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
    Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Windows Software Development Kit (HKLM-x32\...\{363a2c1e-637f-45ce-933b-5a5463efd945}) (Version: 8.59.29750 - Microsoft Corporation)
    Windows Software Development Kit EULA (x32 Version: 8.59.25584 - Microsoft Corporations) Hidden
    WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
    Worms Reloaded (HKLM-x32\...\Worms Reloaded_is1) (Version: - )
    WPT Redistributables (x32 Version: 8.59.29750 - Microsoft) Hidden
    WPTx64 (x32 Version: 8.59.29722 - Microsoft) Hidden
    嘸蝦米輸入法 7.0 標準版 (HKLM\...\BoshiamyIME) (Version: 7, 0, 4, 433 - 行易有限公司)
     
  19. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    16-10-2014 10:28:03 Windows Update

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 10:34 - 2014-10-15 11:21 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {264DC165-5B2C-4A0D-AC63-41F98ACF10F6} - System32\Tasks\{B86C0079-EAC9-45EE-8920-EDF8816ADA6C} => Firefox.exe http://ui.skype.com/ui/0/6.1.59.129/en/abandoninstall?page=tsProgressBar
    Task: {287B40C0-12CE-481E-8AD9-D3FAD258A104} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {573AA68C-D296-40C0-9474-3A93502DF63B} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {606E4A54-849B-4A5D-9163-9A143F637994} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000Core => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-10] (Facebook Inc.)
    Task: {652FD2CF-6339-4588-84B3-8ED58C6E8214} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000UA => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-11-10] (Facebook Inc.)
    Task: {81F2E762-3155-49F8-A291-ACC4DE4F2446} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07] (Google Inc.)
    Task: {BA3363F3-4978-4DA6-9FB6-F442C7B67594} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
    Task: {D56E530D-7774-48C4-B84C-71FE2D79AB6F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for USER-PC-Hendry Lukito USER-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
    Task: {D9915165-A947-450F-B307-18C2E37E8090} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {EC4C4E6E-7E27-4D48-BC07-40FDF96AFFB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-07] (Google Inc.)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000Core.job => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2917960761-3470745484-3326223250-1000UA.job => C:\Users\USER\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-09-21 08:18 - 2011-09-21 08:18 - 00073728 _____ () C:\Windows\SysWOW64\afasrv64.exe
    2011-09-21 08:18 - 2011-09-21 08:18 - 07377920 _____ () C:\Program Files (x86)\SmartCardReader\iconcs236856.exe
    2011-03-26 00:28 - 2011-03-26 00:28 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-09-16 13:52 - 2014-09-16 13:52 - 08896160 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2011-09-21 08:49 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
    2014-05-12 17:49 - 2014-05-12 17:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
    2014-09-16 13:53 - 2014-09-16 13:53 - 08896160 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2014-10-17 14:46 - 2014-10-10 10:03 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libglesv2.dll
    2014-10-17 14:46 - 2014-10-10 10:03 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\libegl.dll
    2014-10-17 14:46 - 2014-10-10 10:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll
    2014-10-17 14:46 - 2014-10-10 10:03 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ffmpegsumo.dll
    2014-10-17 14:46 - 2014-10-10 10:04 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2917960761-3470745484-3326223250-500 - Administrator - Disabled)
    Guest (S-1-5-21-2917960761-3470745484-3326223250-501 - Limited - Disabled)
    Hendry Lukito (S-1-5-21-2917960761-3470745484-3326223250-1211 - Administrator - Enabled) => C:\Users\Hendry Lukito
    MA007 (S-1-5-21-2917960761-3470745484-3326223250-1210 - Administrator - Enabled) => C:\Users\MA007
    USER (S-1-5-21-2917960761-3470745484-3326223250-1000 - Administrator - Enabled) => C:\Users\USER

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (10/18/2014 00:07:19 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 139) (User: )
    Description: The application domain WindowsService_0 failed to start. Error: Microsoft.ReportingServices.Diagnostics.Utilities.EvaluationCopyExpiredException: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

    Server stack trace:
    at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
    at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
    at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
    at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
    at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
    at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
    at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
    at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
    at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
    at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
    at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

    Exception rethrown at [0]:
    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
    at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
    at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime).

    Error: (10/18/2014 00:07:19 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 136) (User: )
    Description: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

    Error: (10/18/2014 00:07:18 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 107) (User: )
    Description: Report Server Windows Service (BUNJIRA) cannot connect to the report server database.

    Error: (10/18/2014 00:06:03 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 139) (User: )
    Description: The application domain WindowsService_0 failed to start. Error: Microsoft.ReportingServices.Diagnostics.Utilities.EvaluationCopyExpiredException: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

    Server stack trace:
    at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
    at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
    at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
    at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
    at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
    at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
    at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
    at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
    at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
    at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
    at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

    Exception rethrown at [0]:
    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
    at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
    at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime).

    Error: (10/18/2014 00:06:03 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 136) (User: )
    Description: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

    Error: (10/18/2014 00:06:02 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 107) (User: )
    Description: Report Server Windows Service (BUNJIRA) cannot connect to the report server database.

    Error: (10/18/2014 00:04:45 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 139) (User: )
    Description: The application domain WindowsService_0 failed to start. Error: Microsoft.ReportingServices.Diagnostics.Utilities.EvaluationCopyExpiredException: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

    Server stack trace:
    at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
    at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
    at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
    at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
    at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
    at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
    at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
    at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
    at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
    at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
    at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

    Exception rethrown at [0]:
    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
    at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
    at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime).

    Error: (10/18/2014 00:04:45 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 136) (User: )
    Description: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

    Error: (10/18/2014 00:04:45 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 107) (User: )
    Description: Report Server Windows Service (BUNJIRA) cannot connect to the report server database.


    System errors:
    =============
    Error: (10/18/2014 00:07:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (10/18/2014 00:06:16 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/18/2014 00:06:14 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/18/2014 00:06:13 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/18/2014 00:06:11 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/18/2014 00:06:09 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/18/2014 00:06:07 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/18/2014 00:06:06 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/18/2014 00:06:04 PM) (Source: Disk) (EventID: 7) (User: )
    Description: The device, \Device\Harddisk0\DR0, has a bad block.

    Error: (10/18/2014 00:06:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The SQL Server Reporting Services (BUNJIRA) service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.


    Microsoft Office Sessions:
    =========================
    Error: (10/18/2014 00:07:19 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 139) (User: )
    Description: WindowsService_0Microsoft.ReportingServices.Diagnostics.Utilities.EvaluationCopyExpiredException: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

    Server stack trace:
    at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
    at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
    at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
    at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
    at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
    at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
    at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
    at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
    at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
    at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
    at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

    Exception rethrown at [0]:
    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
    at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
    at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime)

    Error: (10/18/2014 00:07:19 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 136) (User: )
    Description:

    Error: (10/18/2014 00:07:18 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 107) (User: )
    Description: Report Server Windows Service (BUNJIRA)

    Error: (10/18/2014 00:06:03 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 139) (User: )
    Description: WindowsService_0Microsoft.ReportingServices.Diagnostics.Utilities.EvaluationCopyExpiredException: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

    Server stack trace:
    at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
    at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
    at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
    at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
    at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
    at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
    at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
    at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
    at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
    at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
    at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

    Exception rethrown at [0]:
    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
    at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
    at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime)

    Error: (10/18/2014 00:06:03 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 136) (User: )
    Description:

    Error: (10/18/2014 00:06:02 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 107) (User: )
    Description: Report Server Windows Service (BUNJIRA)

    Error: (10/18/2014 00:04:45 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 139) (User: )
    Description: WindowsService_0Microsoft.ReportingServices.Diagnostics.Utilities.EvaluationCopyExpiredException: The evaluation period for this instance of Microsoft SQL Server Reporting Services has expired. A license is now required.

    Server stack trace:
    at Microsoft.ReportingServices.Diagnostics.Sku.<>c__DisplayClass1.<GetSkuFromSqlBoot>b__0()
    at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.<>c__DisplayClass1.<Run>b__0(Object state)
    at System.Security.SecurityContext.Run(SecurityContext securityContext, ContextCallback callback, Object state)
    at Microsoft.ReportingServices.Diagnostics.RevertImpersonationContext.Run(ContextBody callback)
    at Microsoft.ReportingServices.Diagnostics.Sku.GetSkuFromSqlBoot(String instanceId, Int32& outDaysLeft)
    at Microsoft.ReportingServices.Diagnostics.Sku.GetInstalledSku(String instanceId)
    at Microsoft.ReportingServices.Diagnostics.Sku.IsFeatureEnabled(String instanceId, RestrictedFeatures feature)
    at Microsoft.ReportingServices.Diagnostics.ResourceUtilities.LogCPUAndThrottleIfNecessary()
    at Microsoft.ReportingServices.Library.ServiceAppDomain.StartService(IServiceAppDomainController appDomainController, Boolean firstStart)
    at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Int32 methodPtr, Boolean fExecuteInContext, Object[]& outArgs)
    at System.Runtime.Remoting.Messaging.StackBuilderSink.SyncProcessMessage(IMessage msg, Int32 methodPtr, Boolean fExecuteInContext)

    Exception rethrown at [0]:
    at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
    at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
    at Microsoft.ReportingServices.Library.IServiceAppDomain.StartService(IServiceAppDomainController controller, Boolean firstStart)
    at Microsoft.ReportingServices.Library.ServiceAppDomainController.StartServiceInNewAppDomain(Boolean firstTime)

    Error: (10/18/2014 00:04:45 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 136) (User: )
    Description:

    Error: (10/18/2014 00:04:45 PM) (Source: Report Server Windows Service (BUNJIRA)) (EventID: 107) (User: )
    Description: Report Server Windows Service (BUNJIRA)


    CodeIntegrity Errors:
    ===================================
    Date: 2014-10-15 11:21:07.015
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-10-15 11:21:06.969
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2014-08-31 18:10:38.237
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-31 17:50:22.815
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-31 17:28:58.270
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-31 17:21:21.812
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-31 16:16:46.572
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-31 15:53:28.688
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-31 15:31:57.187
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

    Date: 2014-08-30 19:08:59.111
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
    Percentage of memory in use: 17%
    Total physical RAM: 28559.21 MB
    Available physical RAM: 23503.86 MB
    Total Pagefile: 57116.61 MB
    Available Pagefile: 51227.99 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:232.78 GB) (Free:49.73 GB) NTFS
    Drive d: () (Fixed) (Total:232.88 GB) (Free:134.09 GB) NTFS
    Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive g: () (Fixed) (Total:976.56 GB) (Free:919.08 GB) NTFS
    Drive h: () (Fixed) (Total:1071.34 GB) (Free:274.08 GB) NTFS
    Drive I: (IR1_CPRA_X64FREV_ZH-TW_DV5) (CDROM) (Total:3.74 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4FCC58E5)
    Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 3726 GB) (Disk ID: B6A494A7)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=976.6 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=1071.3 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  20. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    [​IMG] roboot64.exe seems to be coming from Advanced System Optimizer, some registry tweaking tool. You don't want that.

    [​IMG]
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    [​IMG] You have number of this type of errors in Event Viewer:
    Click Start button and in "Start search" type:
    cmd
    Hold CTRL and SHIFT buttons and press Enter.
    Command prompt window will open.
    Paste this in:
    chkdsk /r (<------watch for "space")
    Press Enter.
    Chkdsk will run.
    Reboot.
    Download ListChkdskResult.exe (by SleepyDude) from the link below:
    https://dl.dropboxusercontent.com/u/12354842/My Tools/ListChkdskResult.exe
    Double click on it to run it. It will take a few seconds to scan, then it will open a Notepad window with the log. Copy and paste the contents of this into your next post
     

    Attached Files:

  21. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2014
    Ran by Hendry Lukito at 2014-10-20 12:07:03 Run:1
    Running from C:\Users\Hendry Lukito\Desktop
    Loaded Profile: Hendry Lukito (Available profiles: USER & MA007 & Hendry Lukito)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] => [X]
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
    S2 ASPI32; No ImagePath
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    S3 VIAHdAudAddService; system32\drivers\viahduaa.sys [X]
    C:\Users\Hendry Lukito\AppData\Local\Temp\Quarantine.exe
    C:\Users\Hendry Lukito\AppData\Local\Temp\sqlite3.dll
    AlternateDataStreams: C:\Windows:nlsPreferences
    AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
    "HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
    "HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
    "HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
    "HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
    "HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => Key not found.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
    "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
    "HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}" => Key not found.
    "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => Key deleted successfully.
    ASPI32 => Service deleted successfully.
    catchme => Service deleted successfully.
    Synth3dVsc => Service deleted successfully.
    tsusbhub => Service deleted successfully.
    VGPU => Service deleted successfully.
    VIAHdAudAddService => Service deleted successfully.
    C:\Users\Hendry Lukito\AppData\Local\Temp\Quarantine.exe => Moved successfully.
    C:\Users\Hendry Lukito\AppData\Local\Temp\sqlite3.dll => Moved successfully.
    C:\Windows => ":nlsPreferences" ADS removed successfully.
    C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.

    ==== End of Fixlog ====
     
  22. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013

    ------< Log generate on 10/20/2014 2:13:56 PM >------
    Category: 0
    Computer Name: USER-PC
    Event Code: 1001
    Record Number: 1717833
    Source Name: Microsoft-Windows-Wininit
    Time Written: 10-20-2014 @ 06:10:50
    Event Type: Information
    User:
    Message:

    Checking file system on C:
    The type of the file system is NTFS.

    A disk check has been scheduled.
    Windows will now check the disk.

    CHKDSK is verifying files (stage 1 of 5)...
    Cleaning up instance tags for file 0x11fe3.
    878080 file records processed.

    File verification completed.
    1215 large file records processed.

    0 bad file records processed.

    2 EA records processed.

    100 reparse records processed.

    CHKDSK is verifying indexes (stage 2 of 5)...
    998536 index entries processed.

    Index verification completed.
    0 unindexed files scanned.

    0 unindexed files recovered.

    CHKDSK is verifying security descriptors (stage 3 of 5)...
    878080 file SDs/SIDs processed.

    Cleaning up 3861 unused index entries from index $SII of file 0x9.
    Cleaning up 3861 unused index entries from index $SDH of file 0x9.
    Cleaning up 3861 unused security descriptors.
    CHKDSK is compacting the security descriptor stream
    60229 data files processed.

    CHKDSK is verifying Usn Journal...
    37594368 USN bytes processed.

    Usn Journal verification completed.
    CHKDSK is verifying file data (stage 4 of 5)...
    Read failure with status 0xc000009c at offset 0x72997000 for 0x10000 bytes.
    Read failure with status 0xc000009c at offset 0x729a1000 for 0x1000 bytes.
    Windows replaced bad clusters in file 331450
    of name \PROGRA~2\MI3EDC~1\100\Shared\MSMDRE~1.DLL.
    878064 files processed.

    File data verification completed.
    CHKDSK is verifying free space (stage 5 of 5)...
    13252142 free clusters processed.

    Free space verification is complete.
    Adding 1 bad clusters to the Bad Clusters File.
    CHKDSK discovered free space marked as allocated in the
    master file table (MFT) bitmap.
    Correcting errors in the Volume Bitmap.
    Windows has made corrections to the file system.

    244091609 KB total disk space.
    189663816 KB in 794968 files.
    428760 KB in 60232 indexes.
    4 KB in bad sectors.
    990457 KB in use by the system.
    65536 KB occupied by the log file.
    53008572 KB available on disk.

    4096 bytes in each allocation unit.
    61022902 total allocation units on disk.
    13252143 allocation units available on disk.

    Internal Info:
    00 66 0d 00 a8 0c 0d 00 71 72 18 00 00 00 00 00 .f......qr......
    6e 04 00 00 64 00 00 00 00 00 00 00 00 00 00 00 n...d...........
    00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

    Windows has finished checking your disk.
    Please wait while your computer restarts.

    -----------------------------------------------------------------------
     
  23. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    How is computer doing?

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the [img=[url]http://www.bleepstatic.com/fhost/uploads/0/esetsmartinstaller_enu.png][/url] icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.[/*]
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats[/*]
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  24. Hendry Lukito

    Hendry Lukito TS Rookie Topic Starter Posts: 24

    I think it's doing just fine now. Since the roguekiller enable to detect and fix the dwm.exe, all CPU works normally when idle. I'm on work now. Will do the scans tonight.
    oh and also, I'm planning to do a cleaning for my laptop, even though I'm not sure is there any harmful malwares since they don't make it into surface like dwm.exe. Would you mind to help me once again scanning my laptop later?
     
  25. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Not a problem but create new topic for it.
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...